Configuring real-time scanning of ICAP traffic

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

Real-time ICAP traffic scanning on standalone servers with the Sensor component can only be configured in Technical Support Mode. To perform actions in Technical Support Mode, we recommend contacting Technical Support.

You can configure real-time ICAP traffic scanning on a server with the Central Node and Sensor components for anti-virus scanning of data. Scan results are displayed to the user of the host on a notification HTML page.

To configure real-time ICAP traffic scanning:

  1. In the window of the application web interface, select the Settings section, ICAP traffic scanning subsection.

    The ICAP traffic scanning settings page is displayed.

    By default, under Notifications, pages corresponding to the following events are loaded:

    • The page uploaded in the Link blocked field is displayed if a threat is detected at the address requested by the user.
    • The page uploaded in the File blocked field is displayed if a threat is detected in a scanned file.

    By default, HTML pages from the distribution kit are loaded in Kaspersky Anti Targeted Attack Platform. You can upload your own notification pages and configure how they must be displayed. The size of a notification page must not exceed 1.5 MB. If the uploaded notification page is larger than 1.5 MB, an error is displayed.

  2. Under File block threshold, in the Sandbox alert importance field, select a value from the drop-down list. These values correspond to the possible impact of the alert on the security of a computer or your corporate network based on the expert opinion of Kaspersky.

    This setting can take one of the following values:

    • High Apt_icon_importance_high for a high importance alert. This option is selected by default.
    • Medium Apt_icon_importance_medium for a medium-importance alert.
    • Low Apt_icon_importance_low for a low-importance alert.
  3. Under Scan timeout, in the Timeout field, specify the file scanning time. While the file is being scanned, its download speed is reduced. If the file cannot be scanned within the specified time, the download continues at normal speed.

    The default value is 10 minutes. You can set any value greater than 1 minute.

  4. Click Apply.

The scan is performed with the specified settings.

Page top