Enabling or Disabling Riskware Detection Custom Policy Rules

You can enable or disable riskware detection custom policy rules by using the Malware Analysis appliance CLI.

When you enable a particular policy rule based on riskware detection on the Malware Analysis appliance, traffic matching the submission is marked as custom riskware and is excluded from further analysis. When you disable a particular policy rule based on riskware detection, traffic matching the submission is not marked as custom riskware. After you have configured the Malware Analysis appliance to detect a riskware custom policy rule, you can view the analysis results on the Alerts > Riskware page in the Web UI.

Riskware detection custom policy rules support only Riskware Object alerts on the Malware Analysis appliance.

Prerequisites

  • Administrator or Operator access to the Malware Analysis appliance
  • An established connection to the Internet
  • A connection to the DTI Cloud
  • Download and install the latest security content with new riskware policy rules by using the fenet security-content apply-update command. For details about how to update security content, refer to the Malware Analysis System Administration Guide.
  • Enable riskware detection. For details about how to enable riskware detection, see Enabling or Disabling Riskware Detection Using the CLI.