About Malware Protection

The Zscaler service uses an industry-leading AV vendor for signature-based detection and protection so that it can provide comprehensive anti-virus protection. In addition to anti-virus and anti-spyware blocking, the service uses “malware feeds” from its trusted partners, such as Microsoft and Adobe, as well as its own technologies to detect and block malware. The Malware policy applies globally, to all of an organization's locations. Zscaler recommends that you do not change the default policy.

To see how this policy fits into the overall order of policy enforcement, see How does the Zscaler service enforce policies?

Go to Policy > Web > Malware Protection.

Zscaler recommends that you do not change the default settings of the Malware Protection policy, to ensure the security of your user traffic.

For the Malware Protection policy, you can specify the following:

  • Inspect Inbound and Outbound Traffic
    The Zscaler service scans HTTP traffic (and HTTPS traffic if SSL inspection is enabled) in real time. It scans every byte of every file, even if it is compressed (up to five layers of recursive compression). It scans traffic coming in to your network, as well as traffic from inside your network addressed to external destinations, for malicious content.
  • Enable to scan the following types of traffic:
    • Inspect HTTP: Enable to scan HTTP traffic (and HTTPS traffic if SSL Inspection is enabled) in real time. The Traffic Inspection setting determines whether inbound, outbound, or both types of traffic are scanned. It scans all files, including those with up to 5 layers of recursive compression.
    • Inspect FTP over HTTP: Enable to scan FTP over HTTP traffic in real time. The Traffic Inspection setting determines whether inbound, outbound, or both types of traffic are scanned. It scans all files, including those with up to 5 layers of recursive compression.
    • Inspect FTP: Enable to scan FTP traffic in real time. The Traffic Inspection setting determines whether inbound, outbound, or both types of traffic are scanned. It scans all files, including those with up to 5 layers of recursive compression.
  • Block against all of the following threats:  
    • Viruses: Programs that cause damage to systems and data.
    • Unwanted Applications: Unwanted files that are also downloaded when users download a program they want.
    • Trojans: Malware programs that are presented as beneficial or useful.
    • Worms: Programs that duplicate themselves to spread malicious code to other computers.
    • Adware: Files that automatically render advertisements/install adware.
    • Spyware: Files that covertly gather information about a person or organization.
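
The inspection settings above describe scanning files through up to five layers of recursive compression. The following is an added illustration of a depth-limited recursive scan, not Zscaler's code or a description of its engine. It handles ZIP only, uses a constructed marker in place of a real signature, and its size cap and its policy of reporting deeper nesting as unscanned are assumptions.

```python
import io
import zipfile

MAX_LAYERS = 5                          # the page's stated recursive-compression limit
MAX_BYTES = 10 * 1024 * 1024            # assumed per-member size cap
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for an AV signature


def scan(data, name="payload", layer=0):
    """Return (path, verdict) findings for data and everything nested inside it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Leaf content: run the toy signature match.
        return [(name, "match")] if MARKER in data else []
    if layer >= MAX_LAYERS:
        # Assumed policy: report what was not unpacked instead of passing it silently.
        return [(name, "unscanned: nesting limit reached")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            child = f"{name}/{info.filename}"
            if info.file_size > MAX_BYTES:
                # Declared size exceeds the cap: do not decompress it.
                findings.append((child, "unscanned: too large"))
                continue
            findings += scan(zf.read(info), child, layer + 1)
    return findings


def wrap(data, layers, inner_name="file.bin"):
    """Build constructed sample input: data wrapped in `layers` nested ZIPs."""
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(inner_name if i == 0 else f"layer{i}.zip", data)
        data = buf.getvalue()
    return data


if __name__ == "__main__":
    for layers in (0, 3, 5, 6):
        print(layers, scan(wrap(b"header " + MARKER, layers)))
```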