How file filtering works

Use file filtering to scan files for malware and to restrict which file types are allowed through the firewall.

Note: File filtering is only available for the following protocols: FTP, HTTP, HTTPS, IMAP, IMAPS, POP3, and POP3S.

You can configure one or more malware detection methods that are applied to the traffic that matches the rules in the File Filtering Policy. Scanning is done in the following order:

  1. The file is checked against file reputation information in the engine's cache.

    If no match is found, the configured malware detection methods are applied to the traffic in the order listed here.

  2. The file is scanned using one of the following file reputation services:
    • McAfee® Threat Intelligence Exchange (TIE)
    • McAfee® Global Threat Intelligence™ (McAfee GTI)
  3. The file is scanned using anti-malware scan on the NGFW Engine.
  4. The file is scanned using one of the following sandboxes:
    • Cloud Sandbox — Forcepoint Advanced Malware Detection
    • Local Sandbox — Forcepoint Advanced Malware Detection

The NGFW Engine allows or blocks the file according to the action defined in the File Filtering Policy.