Enable File Inspection
File inspection determines the type of a file hosted on a website and scans the file to find out more about it. The request for the file is made from the intelligent proxy. When the file is downloaded to the proxy, it is passed to Cisco's Advanced Malware Protection (AMP), which analyzes the file simultaneously.
Files are scanned by both engines, and if either engine detects a file as known bad or malicious, the file is blocked. If both engines detect a file, AMP detection is given a higher priority in Secure Access reports and the detection shows up as an AMP event with antivirus information listed in the detail.
To review Secure Access's inspection activities, use the Security Activity Report and the Activity Search Report.
Prerequisites
- The Cisco Umbrella root certificate must be installed on all machines with SSL decryption included in their file inspection policy. For more information, see Install the Cisco Umbrella Root Certificate.
- Full admin access to the Secure Access dashboard. See Manage Accounts.
Procedure
- Navigate to Secure > Access Policy, click Add Rule, and select Internet Access.

- If you're creating a new policy, navigate to Secure > Profiles > Security Profiles.
- Click +Add or expand an existing web profile.
- In the Security and Acceptable Use Controls section, for File Inspection, click Edit.
- Enable File Inspection if it is not already enabled:

Ensure that the intelligent proxy is enabled. Although not required, we recommend enabling SSL decryption. Adding SSL decryption allows for both types of traffic (secure and insecure) to be proxied and for those files to be inspected. If you're editing an existing policy, confirm that File Inspection is enabled on the summary page (under Advanced Settings) after you’ve enabled the intelligent proxy.

Cisco Umbrella Root Certificate
The Cisco Umbrella root certificate must be installed on all machines with SSL decryption included in their file inspection policy. For more information, see Install the Cisco Umbrella Root Certificate.
To test SSL decryption with file inspection, use https://ssl-proxy.opendnstest.com/download/eicar.com
- Proceed through the policy wizard. When you reach the File Analysis step, enable File Inspection.
- Complete the wizard and click Save.
If you're testing, ensure that the policy with file inspection enabled is at or near the top of the policy list so that it takes precedence.
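An added example, not part of Cisco's documentation: a Python check that fetches the test URL above and reports whether SSL decryption and file inspection both took effect. It assumes that certificates issued by the decrypting proxy contain "cisco" in the issuer field (ISSUER_MARKER) and that a blocked download returns something other than the EICAR test file.

```python
import hashlib
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

TEST_URL = "https://ssl-proxy.opendnstest.com/download/eicar.com"  # from the page
# Public SHA-256 of the standard 68-byte EICAR antivirus test file.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"
ISSUER_MARKER = "cisco"  # assumption: proxy-issued certificates name Cisco as issuer


def issuer_text(cert):
    """Flatten the issuer field returned by ssl.getpeercert() into one string."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)


def classify(issuer, body, expected_sha256=EICAR_SHA256, marker=ISSUER_MARKER):
    """Return (decrypted, delivered) for one fetch of the test file."""
    decrypted = marker.lower() in issuer.lower()
    delivered = hashlib.sha256(body.strip()).hexdigest() == expected_sha256
    return decrypted, delivered


def verdict(decrypted, delivered):
    if decrypted and not delivered:
        return "PASS: traffic decrypted and test file blocked"
    if delivered and decrypted:
        return "FAIL: traffic decrypted but test file delivered; check rule order"
    if delivered:
        return "FAIL: no decryption and test file delivered"
    return "INCONCLUSIVE: file not delivered, but issuer is not the proxy"


def fetch(url=TEST_URL, timeout=10):
    """Live check: read the certificate issuer, then download the body."""
    host = urlsplit(url).hostname
    ctx = ssl.create_default_context()  # uses the trust store Python is built with
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            issuer = issuer_text(tls.getpeercert())
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return issuer, resp.read()
    except urllib.error.HTTPError as err:  # a block page may come back as 4xx
        return issuer, err.read()


if __name__ == "__main__":
    print(verdict(*classify(*fetch())))
```

A certificate verification error raised by `fetch` means the proxy's root certificate is not in the trust store Python uses on that machine.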
Updated 6 months ago