Help Center/ Cloud Firewall/ User Guide/ Attack Defense/ Blocking Virus-infected Files
Updated on 2024-11-04 GMT+08:00

Blocking Virus-infected Files

The anti-virus function identifies and processes virus files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus files.

The antivirus function can check access via HTTP, SMTP, POP3, FTP, IMAP4, and SMB.

Specification Limitations

Antivirus is available only in the professional edition.

Enabling Antivirus to Block Virus-infected Files

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
  5. In the navigation pane, choose Attack Defense > Antivirus.
  6. Click to enable antivirus.

    After antivirus is enabled, Current Action is Disable by default. For details about how to change the defense action, see Modifying the Virus Defense Action for Better Protection Effect.

Modifying the Virus Defense Action for Better Protection Effect

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column of a firewall to go to its details page.
  5. In the navigation pane, choose Attack Defense > Antivirus.
  6. Click an action in the Operation column of a rule.

    • Observe: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs but does not block it.
    • Block: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs and blocks it.
    • Disable: The firewall does not perform virus checks on the traffic of a protocol.

Follow-up Operations

For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.