Configuring malware inspection

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Using Forefront TMG, you can inspect outbound HTTP traffic for malware (such as, worms, viruses, and spyware). By enabling malware inspection on Web access rules, the Malware Inspection Filter scans Web pages and files that were requested by client computers, and either cleans harmful HTTP content or blocks it from entering the corpnet.

Note

Outbound inspection refers to HTTP requests that originate from clients on networks protected by Forefront TMG.

Malware inspection can be configured on both a global level for all the members of an array, and a per-access rule level. For general information about malware inspection, see Planning to protect against malicious web content.

Configuring global malware settings

The following topics describe how to configure global malware inspection settings:

• Enabling malware inspection—Describes how to enable malware protection on Forefront TMG.

• Configuring malware inspection options—Describes how to configure threshold levels and other scanning options.

• Defining exemptions to malware inspection—Describes how to specify sources or destinations that you want to exempt from malware inspection.

• Configuring malware inspection content delivery—Describes how to set the method by which clients should be informed of the progress of file downloads and other content, as they are being inspected.

• Configuring malware definition updates—Describes how to configure the automatic updating of malware definitions and the malware engine.

• Configuring the malware inspection storage location—Describes how to specify a location for storing files during the inspection process.

Configuring malware settings per rule

For instructions on how to configure malware for individual access rules, see the topic Configuring web access rule properties. Specifically, see:

• Modify malware inspection settings for a rule—Describes how to enable malware inspection and configure custom malware settings for a specific rule.

• Modify denial notification—Describes how to create a custom message for users when Forefront TMG denies access to malware-infected Web content.

Related Topics

Tasks

Configuring web access rule properties

Concepts

Configuring protection from web-based threats
Planning to protect against malicious web content