It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen WAN

Malware Protection

  • Last updated on

Malware Protection offers protection against advanced malware, zero-day exploits, and targeted attacks not detected by the intrusion prevention system by scanning downloaded files. The user receives the downloaded file immediately after the hash DB lookup, which compares a hash of the file with the Barracuda database to see if it is a malicious file. Simultaneously, the file is uploaded to the Barracuda Advanced Threat Protection (ATP) cloud, but only if the file is 10 megabytes or less. A rchives are unpacked and the files they contain are sent to the ATP cloud with the same restriction that only unpacked files 10 megabytes or less are sent to the ATP cloud for inspection. In the ATP cloud, those files are emulated in a virtual sandbox and their behavior is analyzed. Depending on the behavior of the file, it is assigned a threat level that is transmitted to the appliance. If the threat level exceeds the ATP threat level threshold, the file is blocked; otherwise, it is delivered.  

malware_protection.png

Malware Protection can be used for HTTP, HTTPS, FTP, and FTPS traffic. For HTTPS and FTPS, SSL Inspection must be activated.

The following file types are scanned by the Barracuda ATP cloud: 

  • Microsoft Office files – doc, docx, ppt, pps, pptx, ppsx, xls, xlsx
  • OpenOffice – rtf, open office document extensions
  • Microsoft executables – exe, msi, class, wsf
  • macOS executables 
  • PDF documents – pdf
  • Android APK files – apk
  • ZIP Archives – 7z, lzh, bz, bz2, chm, cab, zip
  • RAR Archives – rar4 and rar5
  • TAR Archives – tar
  • GZ Content – Content compressed with gzip
Risk Scores

The ATP service classifies all files in one of four categories:

  • High – Files classified as high risk exhibit behavior normally only found in malware.
  • Medium – Files classified as medium risk pose a potential risk.
  • Low – Files classified as low risk are considered to be harmless. Some residual risk remains.
  • None – No suspicious activity was detected.
Reporting

You can create reports and notifications using Azure Log Analytics Workspace. Your CloudGen WAN service must be connected to Azure Log Analytics Workspace. For more information, see How to Configure Log Streaming to Microsoft Azure Log Analytics Workspace.

Maximum Number of Scans
Scale Units GatewayMaximum Scans per MinuteMaximum Scans per Month
21002 000 000
51002 000 000
101002 000 000
141002 000 000
201002 000 000
301503 000 000
401503 000 000
602004 000 000
802505 000 000


Before You Begin

Enable/Disable Malware Protection

  1. Open https://cloudgenwan.barracudanetworks.com/  and log in with your existing Barracuda Cloud Control account.
  2. Go to SECURITY > MALWARE PROTECTION. 
  3. Click Enabled to enable/disable Malware Protection.
    enable_mp.png

Create Malware Protection Rules

  1. Open https://cloudgenwan.barracudanetworks.com/  and log in with your existing Barracuda Cloud Control account.
  2. Go to SECURITY > MALWARE PROTECTION. 
  3. Click ADD RULE.
  4. The Add New Rule window opens. Specify values for the following:
    • Name - Enter a name for the rule.
    • Description Enter a description for the rule.
    • Action - Select an action.
      SOURCE CRITERIA DESTINATION CRITERIA
      • Type   Select a type. You can choose between Application, Domain, IP/Network, and Site.
      • Application - Select an application. For more information, see How to Create Custom Applications.
    add_rule.png
  5. Click SAVE.

 



Last updated on