When you create a Web access rule and enable malware inspection on that rule, a default set of malware inspection options and thresholds is applied to that rule.
You can adjust these options and thresholds in two ways:
- By modifying the global malware inspection settings. These settings are applied by default to each access rule on which malware inspection is enabled.
- By modifying the settings for individual Web access rules. Per-rule settings override the global malware inspection settings. For details, see Creating an access rule.
For a description of malware inspection file types, see Planning to protect against malicious Web content.
The following procedure describes how to configure the global malware inspection options.
To configure global malware inspection options
1. In the Forefront TMG Management console, in the tree, click the Web Access Policy node.
2. On the Tasks tab, click Configure Malware Inspection.
3. Click the Inspection Settings tab, and specify whether the malware inspection engine should attempt to clean files and what type of content should be blocked. It is recommended that you keep the default settings. Note the following:
   - When Attempt to clean infected files is enabled, files that cannot be cleaned are purged. When using trickling, Forefront TMG closes the TCP connection and records the reason in the log. When using progress notification, Forefront TMG issues an HTML page to notify the user that the file has been blocked.
     Note: For more information about trickling and progress notification, see Configuring malware inspection content delivery.
   - The setting Block suspicious files is designed to block files that appear to be infected with unknown malware.
   - The setting Block corrupted files is turned off by default. Turning on this setting may cause false positives and block files that are not actually harmful.
   - The setting Block files if archive depth level exceeds is designed to block malware that arrives in deeply nested archives in order to avoid detection.
   - The setting Block archive files if unpacked content is larger than (MB) is designed to block small archive files that expand to a large size when unpacked.
   Note: To scan HTTPS traffic for malware, you must enable HTTPS inspection. For more information, see Configuring HTTPS inspection.
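The two archive thresholds in the third step (archive depth level and unpacked content size) can be illustrated with a short Python sketch. This is an added example, not Forefront TMG code or Microsoft's implementation; the function and parameter names are assumptions, it handles ZIP only, and the sample archives are constructed in memory.

```python
import io
import zipfile

class ArchiveBlocked(Exception):
    """An archive exceeded one of the two inspection thresholds."""

def inspect_archive(data, max_depth, max_unpacked_mb, _depth=1, _budget=None):
    """Unpack a ZIP in memory; return bytes unpacked or raise ArchiveBlocked.
    Parameter names are illustrative, not Forefront TMG identifiers."""
    if _budget is None:
        _budget = [max_unpacked_mb * 1024 * 1024]  # shared by all nesting levels
    if _depth > max_depth:
        raise ArchiveBlocked(f"archive depth level exceeds {max_depth}")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            chunks = []
            with zf.open(info) as member:
                # Count bytes as they are produced rather than trusting the
                # size declared in the archive header.
                while chunk := member.read(64 * 1024):
                    _budget[0] -= len(chunk)
                    if _budget[0] < 0:
                        raise ArchiveBlocked(
                            f"unpacked content is larger than {max_unpacked_mb} MB")
                    chunks.append(chunk)
            payload = b"".join(chunks)
            total += len(payload)
            if zipfile.is_zipfile(io.BytesIO(payload)):  # nested archive
                total += inspect_archive(payload, max_depth, max_unpacked_mb,
                                         _depth + 1, _budget)
    return total

def verdict(data, max_depth, max_unpacked_mb):
    """Return 'allow' or the reason the archive would be blocked."""
    try:
        inspect_archive(data, max_depth, max_unpacked_mb)
        return "allow"
    except ArchiveBlocked as reason:
        return f"block: {reason}"

def build_nested_zip(levels, payload):
    """Constructed sample input: wrap payload in `levels` ZIP layers."""
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{i}.bin", payload)
        payload = buf.getvalue()
    return payload
```

The unpacked-size budget is shared across nesting levels, so an archive cannot stay under the limit by splitting its expansion over several layers.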
Copyright © 2009 by Microsoft Corporation. All rights reserved.