Help Center/ Cloud Firewall/ User Guide/ Attack Defense/ Configuring Virus Defense
Updated on 2025-07-23 GMT+08:00

Configuring Virus Defense

You can enable virus defense to block virus-infected files, and modify defense actions to improve security performance.

Scenario

Viruses are getting complex. Traditional antivirus measures cannot cope with them in a timely manner. CFW provides antivirus to detect and handle virus-infected files, so that they will not cause data damage, permission changes, or system breakdown.

CFW supports antivirus for HTTP, SMTP, POP3, FTP, IMAP4, and SMB protocols.

Specification Limitations

Antivirus is available only in the professional edition.

Enabling Antivirus to Block Virus-infected Files

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Attack Defense > Antivirus.
  6. Click to enable antivirus.

    After antivirus is enabled, Current Action is Disable by default. For details about how to change the action, see Modifying the Virus Defense Action for Better Protection Effect.

Modifying the Virus Defense Action for Better Protection Effect

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Attack Defense > Antivirus.
  6. In the rule list, click an action in the Operation column as needed.

    • Observe: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs but does not block it.
    • Block: The firewall checks the traffic of a protocol. If attack traffic is detected, the firewall records it in attack event logs and blocks it.
    • Disable: The firewall does not perform virus checks on the traffic of a protocol.

Follow-up Operations

For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.

References