Test File Inspection

After setting up file inspection, we recommend that you check your configured web profile and internet access rules. You can evaluate File Inspection by pointing your browser to one of our test files.

Prerequisites

  • A source device that is known to have access controlled by Secure Access.
  • An internet access rule near the top of the rule order that has a web profile with File Inspection enabled.
    To ensure that the traffic is not blocked by other security features, test the web profile in a rule that has all other security and acceptable use features disabled. Ensure that no other rule in the access policy hits the traffic first.

Procedure

  1. Browse to one of Cisco's EICAR test files.
  2. After loading a File Inspection test file, you should see a block page. Diagnostic information includes details about which server the file went through. If you do not see a block page, see Troubleshoot File Inspection.

Block Page Diagnostic Information

Block page diagnostic information identifies the hostname of the reputation authority. When proxying a domain or URL, Secure Access evaluates the destination in two phases.

  1. Secure Access receives a request and checks the reputation of the domain or URL. If the destination is known to be malicious, Secure Access blocks the request and displays a block page. The block page diagnostic information lists the Server as nginx.
  2. Next, Secure Access checks whether the destination matches a security category or is blocked by an internet access rule. If the destination is not blocked, Secure Access retrieves the requested content from the URL and scans the requested files with File Inspection (antivirus and AMP). If a file is malware, Secure Access returns a block page. The block page diagnostic information lists the Server as mps.
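
When a test file is blocked, the Server value tells you which phase produced the block, and only an mps block shows that File Inspection scanned the file. The following is an added example, not Cisco code: it assumes the diagnostic text contains a `Server: <value>` line, and the sample texts and hostnames are constructed.

```python
import re

# Server values named on this page, mapped to the phase that blocked the request.
PHASES = {
    "nginx": "reputation",       # phase 1: domain/URL reputation check
    "mps": "file_inspection",    # phase 2: antivirus and AMP file scan
}

# Assumption: the diagnostic text carries a "Server: <value>" line.
SERVER_LINE = re.compile(r"^\s*Server\s*:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def blocking_phase(diagnostic_text):
    """Return 'reputation', 'file_inspection', or 'unknown'."""
    match = SERVER_LINE.search(diagnostic_text or "")
    if not match:
        return "unknown"
    # Compare only the first hostname label so "mps" inside a longer,
    # unrelated name is not mistaken for the scanning proxy.
    first_label = match.group(1).lower().split(".")[0]
    for marker, phase in PHASES.items():
        if first_label.startswith(marker):
            return phase
    return "unknown"


def file_inspection_verified(diagnostic_text):
    """True only when the block came from the file scan itself."""
    return blocking_phase(diagnostic_text) == "file_inspection"


# Constructed samples, not captured from a real block page.
SAMPLE_SCAN_BLOCK = "Block page diagnostics\nServer: mps.example.invalid\n"
SAMPLE_REPUTATION_BLOCK = "Block page diagnostics\nServer: nginx\n"

if __name__ == "__main__":
    for name, text in [("scan", SAMPLE_SCAN_BLOCK),
                       ("reputation", SAMPLE_REPUTATION_BLOCK)]:
        print(name, blocking_phase(text), file_inspection_verified(text))
```

A `reputation` result on a test file means the request was stopped before any content was retrieved, so the File Inspection setting in the web profile was not exercised by that test.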
