[ATP/FLEX] How to set up Anti-Malware on Nebula

Zyxel_Jeff Posts: 1,039  Zyxel Employee
edited June 2023 in Security Service


Nebula Control Center provides an Anti-Malware service that prevents users from downloading files containing malware, protecting the connected network. You can create an Anti-Malware profile under Security Service on Nebula, and this article explains how to deploy it.

Configuration steps

1. Navigate to Configure > Firewall > Security Service to enable the Anti-Malware profile and edit it.


2. Configure the Anti-Malware profile.

Enabled – Turns the Anti-Malware feature ON or OFF.

Log – Creates an event log when the device detects malware content.

Scan mode –

Stream mode: The Nebula Device scans all files for viruses using its anti-malware signatures to detect known virus patterns.

Express mode: You can define which file types are scanned using the Cloud Query fields. The Nebula Device then scans files by sending each file’s hash value to a cloud database via cloud query.

Hybrid mode: This mode combines Express Mode and Stream Mode to offer a balance of speed and security. Currently, it is only supported on ATP series models.

File decompression (ZIP and RAR) – The Nebula Device scans a compressed file to see if there is any virus content (the file does not need to have a “zip” or “rar” file extension).

Destroy compressed files that could not be decompressed – Turn on this feature to have the Nebula Device delete compressed files that use password encryption.

Cloud Query – Choose supported file types for the Nebula Device to scan for viruses.

Block list – Enter the files that you would like to block, such as virus.pdf.

Allow list – Enter the files that you would like to allow, such as office_VPN_tool.exe.
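
The File decompression and "Destroy compressed files that could not be decompressed" settings above rely on recognizing archives by content rather than extension, and on the fact that password-protected archives cannot be inspected. The following is an added illustration of how such checks work in general for ZIP and RAR signatures. It is not Zyxel's implementation, and the function names, verdict strings and sample data are hypothetical and constructed for this example.

```python
import io
import zipfile

# Leading signature bytes ("magic numbers") of the two archive formats.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")               # local header / empty archive
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x / RAR 5.x


def archive_type(data: bytes):
    """Identify ZIP or RAR from content; the file name is never consulted."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(RAR_MAGIC):
        return "rar"
    return None


def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encrypted) set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())


def classify(name: str, data: bytes) -> str:
    """Return a hypothetical verdict; `name` is ignored on purpose."""
    kind = archive_type(data)
    if kind is None:
        return "scan-as-plain-file"
    if kind == "rar":
        return "rar-needs-rar-parser"   # stdlib cannot read RAR members
    try:
        if zip_is_encrypted(data):
            return "cannot-decompress"  # contents cannot be scanned
    except zipfile.BadZipFile:
        return "cannot-decompress"      # truncated or corrupt archive
    return "decompress-and-scan"


def make_samples():
    """Build constructed samples: a plain ZIP and a copy flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample content")
    plain = buf.getvalue()
    flagged = bytearray(plain)
    flagged[6] |= 1                                  # flag in local file header
    flagged[plain.index(b"PK\x01\x02") + 8] |= 1     # flag in central directory
    return plain, bytes(flagged)
```

A ZIP saved as `invoice.pdf` is still classified as an archive, while a real PDF renamed to `report.zip` is treated as a plain file.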


Test Result

Once you download a file with malicious virus content, the traffic will be blocked, and an event log shows a virus-infected message.


Moreover, if you download a file that is listed on the block list, an event log message tells you that the file matches the block list as well.

 

The file cannot be opened normally, which protects your connected network from malware infection.