Help Center/ Cloud Firewall/ User Guide/ Attack Defense/ Configuring Virus Defense

Updated on 2025-07-23 GMT+08:00

View PDF

Configuring Virus Defense

You can enable virus defense to block virus-infected files, and modify defense actions to improve security performance.

Scenario

Viruses are getting complex. Traditional antivirus measures cannot cope with them in a timely manner. CFW provides antivirus to detect and handle virus-infected files, so that they will not cause data damage, permission changes, or system breakdown.

CFW supports antivirus for HTTP, SMTP, POP3, FTP, IMAP4, and SMB protocols.

Specification Limitations

Antivirus is available only in the professional edition.

Enabling Antivirus to Block Virus-infected Files

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
(Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
In the navigation pane, choose Attack Defense > Antivirus.
Click to enable antivirus.

After antivirus is enabled, Current Action is Disable by default. For details about how to change the action, see Modifying the Virus Defense Action for Better Protection Effect.

Modifying the Virus Defense Action for Better Protection Effect

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
(Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
In the navigation pane, choose Attack Defense > Antivirus.
In the rule list, click an action in the Operation column as needed.
- Observe: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs but does not block it.
- Block: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs and blocks it.
- Disable: The firewall does not perform virus checks on the traffic of a protocol.

Follow-up Operations

For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.

References

For details about attack defense, see Attack Defense Overview.
For details about how to block network attacks, see Configuring Intrusion Prevention.

Parent Topic: Attack Defense

Previous topic: Configuring Intrusion Prevention

Next topic: Viewing Attack Defense Information on the Dashboard

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel