A Malware Prevention profile determines the file categories that you want to analyze for malware, and whether you want NSX-T to send the files to the cloud for a detailed analysis.
You can use either the default Malware Prevention profile in your firewall rules or add new profiles depending on the requirements of your security policies. In the profile, you can select the file categories that NSX Malware Prevention should capture and analyze for malicious behavior. File analysis is done locally on NSX Host Transport Nodes and NSX Edge Transport Nodes that are activated for NSX Malware Prevention. If you opt to send the files to the cloud, a detailed file analysis is also done in the cloud.
In NSX-T 3.2, some restrictions apply to the file categories that are supported for Distributed Malware Prevention firewall rules. For more information, see File Categories Supported for NSX Malware Prevention.
When you apply the profile to Distributed Malware Prevention rules, NSX Malware Prevention analyzes the files that are intercepted or captured on the Host Transport Nodes. When you apply the profile to Gateway Malware Prevention rules, NSX Malware Prevention analyzes the files that are intercepted or captured on the Edge Transport Nodes.
You can add multiple Malware Prevention profiles with different configurations and use separate profiles in the Distributed Malware Prevention firewall rules and Gateway Malware Prevention firewall rules. You can use a different profile in the firewall rules of each tier-1 gateway that you have activated for NSX Malware Prevention. For example, suppose that you have two profiles, A and B. In profile A, you choose not to send the files to the cloud for analysis, whereas in profile B, you choose to send the files to the cloud for analysis. You use profile A for Distributed Malware Prevention rules and profile B for Gateway Malware Prevention rules.
You can attach only a single Malware Prevention profile to a firewall rule at a time. However, a single Malware Prevention profile can be attached to multiple Distributed Malware Prevention rules and Gateway Malware Prevention rules simultaneously, if required.
Prerequisites
Set up your NSX-T Data Center for NSX Malware Prevention.
For detailed instructions, see Preparing the Data Center for NSX IDS/IPS and NSX Malware Prevention.
Procedure
Results
What to do next
Attach this profile to Gateway Malware Prevention rules or Distributed Malware Prevention rules, or both, depending on the requirements of your security policies.