

Enabling the malware inspection feature

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to enable malware inspection of HTTP traffic in outbound requests.

You first enable malware inspection globally, and then on a per-rule basis, as described in the following procedures:

  • Enabling global malware inspection

  • Enabling malware inspection per rule

Note

While it is recommended that you keep the default settings, you can set malware inspection options for specific rules that are different from those set globally. For information, see Configuring malware inspection optional settings.

Enabling global malware inspection

Global malware inspection settings apply to all access rules for which you enable malware inspection.

To enable global malware inspection

  1. In the Forefront TMG Management console, in the tree, click the server name node.

  2. On the Tasks tab, click Launch Getting Started Wizard, and then click Define deployment options.

  3. Make a selection on the Microsoft Update Setup page, and click Next. For information, see Planning for updates of protection definitions.

  4. On the Forefront TMG Protection Features Settings page, do the following:

    1. Select one of the licenses to enable Web protection.

    2. If you select Activate purchased license and enable Web Protection, type the license activation code next to Key.

    3. Verify that Enable malware inspection is selected.

  5. Continue advancing through the wizard, and then click Finish.

Note

When you enable malware inspection, Forefront TMG automatically downloads the malware inspection engine and the latest signatures. This initial download may take several minutes, during which time HTTP traffic is not inspected for malware. By default, traffic is allowed on rules on which malware inspection is applied. However, you can block traffic on those rules. To do this, on the Web Access Policy node, click Configure Malware Inspection, and then on the General tab, click Block traffic in relevant rules until the download completes.

Enabling malware inspection per rule

After enabling malware inspection globally, you must enable it on specific access rules, including new and existing rules.

To enable malware inspection when creating a new Web access rule

  1. In the Forefront TMG Management console, in the tree, click the Web Access Policy node, and then, in the Tasks pane, click Configure Web Access Policy.

  2. Follow the on-screen instructions for creating Web access policy rules.

  3. On the Malware Inspection Settings page, click Inspect Web content requested from the Internet. If required, select Block encrypted archives (for example, zip files).

  4. Continue advancing through the wizard. After you click Finish, click Apply on the Apply Changes bar.

To enable malware inspection on existing rules

  1. In the Forefront TMG Management console, in the tree, click the Web Access Policy node.

  2. In the details pane, right-click the rule you want to modify, and then click Properties.

  3. On the Malware Inspection tab, select Inspect content downloaded from Web servers to clients.

Concepts

Configuring malware inspection in Forefront TMG secure Web gateway