Enable File Inspection

To inspect files for threats, enable the file inspection features in a web profile, then assign the web profile to an internet access rule.

File Inspection uses multiple features to evaluate for malicious files. For details, see Manage File Inspection and Analysis.

Once inspections are complete, a file is either delivered to the end user or the connection is terminated and the user is shown a block page.

Once you have enabled File Inspection, to monitor and review Umbrella's inspection activities, use the Security Activity and Activity Search reports.

Table of Contents

• Prerequisites
• Procedure

Prerequisites

• Full Admin user role. For more information, see Manage Accounts.
• Determine which options you want to enable. For details, see Manage File Inspection.
  If you will enable file analysis: Before you enable that feature, see important caveats in Enable File Analysis by Secure Malware Analytics.
  By default, File Inspection is enabled and file analysis is not.
  You must first enable File Inspection before you can enable file analysis.
• Certificates are required to decrypt traffic and detect files, and to display block notifications. For more information, see Certificates for Internet Decryption.

Procedure

1. Navigate to Secure > Profiles > Security Profiles.
2. Click +Add or expand an existing web profile.
3. In the Security and Acceptable Use Controls section, for File Inspection, click Edit.
4. Enable File Inspection if it is not already enabled:

5. Click Save.
6. If you will enable file analysis using Cisco Secure Malware Analytics, see important information and follow the procedure in Enable File Analysis by Cisco Secure Malware Analytics.
7. In the same Web profile, ensure that Decryption is enabled.

8. Choose a Web profile that has file inspection enabled when you configure internet access rules.

---

Manage File Inspection < Enable File Inspection > Enable File Analysis by Cisco Secure Malware Analytics