In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
Select the Objects tab, then select Security profiles → Anti-Virus.
In the upper part of the workspace, click the Create button.
This opens the Anti-Virus profile creation window. By default, the General tab is selected.
In the Name field, enter a name for the new profile.
The name of the profile must be unique among all profiles. The maximum length is 128 characters.
If necessary, in the Description field, enter an arbitrary description of the profile.
The maximum length is 256 characters.
If necessary, enable security event logging using the Logging toggle switch.
If logging is enabled, then when an attempt is made to visit a malicious web resource, an event is logged in the Anti-Virus security event log in the SIEM system. If logging is disabled, no events are generated or saved.
Under Protocols & actions, for each protocol, select the action to be performed when malicious objects are detected in TCP traffic or when an attempt is made to gain access to a URL from the list of compromised URLs:
Allow to allow access to the web resource.
Show blocking page to block access to the web resource and display a text explaining the error and recommending further actions (for example, suggesting contacting the system administrator).
This action is available only for the HTTP protocol.
Block to block access to the web resource. No explanatory message is displayed.
Reset both to block access to the web resource and send TCP RST to the client side and to the server side for TCP sessions. No informational message is displayed.
The listed protocols also include their encrypted versions. To scan encrypted traffic, enable encrypted connection scanning.
On the File Anti-Virus tab, configure the scanning of objects detected on pages visited by the user:
If you want to scan objects detected in traffic using not only the local database, but also the cloud service, set the Look up objects in KSN toggle switch to On.
Stream Anti-Virus looks up the hash of the object in the lists of cloud services only if this hash is not found in the local databases.
If you want to scan objects detected in traffic based on their hash values, enable the Stream Anti-Virus toggle switch.
If you want to scan objects detected in traffic for malware, enable the Object Anti-Virus toggle switch.
When enabling Object Anti-Virus, you can manage its settings:
If you want to send files being scanned to Kaspersky Anti Targeted Attack Platform (hereinafter referred to as KATA) for scanning, set the Send objects to KATA toggle switch to On.
In the Maximum file size to scan (MB) field, specify the maximum size of files that must be processed by Object Anti-Virus. Files larger than the specified value are ignored. Possible values are from 1 to 100, and the default is 10.
On the URL reputation checker tab, configure the matching of traffic against the list of compromised URLs:
If you want to scan traffic using not only the local database, but also address lists from the cloud service, set the Look up objects in KSN toggle switch to On.
If you need addresses to be additionally scanned for belonging to advertising URLs or IP addresses, set the URL adware toggle switch to On.
If you need addresses to be additionally scanned for belonging to URLs not otherwise categorized, set the Other URL toggle switch to On.
If necessary, on the URL exclusions tab, add URLs, URL masks or IP addresses that you want to exclude from Anti-Virus scanning when using this profile:
If you want to add a new address to the list of exclusions, click the Create button and in the field that appears, enter a value for the URL, mask, or IP address.
The new item is added to the table.
If you want to delete a previously created exclusion, select the exclusion in the table and click the Delete button.
If you want an event to be recorded in the security event log when the profile is applied and access is gained to an address in the list of exclusions, set the Logging toggle switch to On.
Click the Create button to save the new Anti-Virus profile.
The created profile is added to the list of Anti-Virus profiles.
Apply the OSMP policy changes by clicking the Commit and push button.