techdocs.broadcom.com
104.18.5.158

URL: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/content-analysis/3-0/Solution_AV_scan/...
Submission: On October 21 via manual — Scanned from DE

CONTENT ANALYSIS - 3.0

MANUALLY DEFINE FILE REPUTATION
LAST UPDATED SEPTEMBER 21, 2021

To prevent unnecessary scanning and analysis of files for which your
organization has identified a reputation, you can add a SHA1 or SHA256 hash to
Content Analysis with the manual Whitelist/Blacklist configuration page. This
service requires no additional subscription license; it is included with the
base license for the appliance.

During file processing, Content Analysis will check these lists before reaching
out to the cloud-based File Reputation service. Unlike the cloud service, the
manual whitelist/blacklist configuration results in either an allow or deny,
with no further analysis. If the hash exists in either list, the file will
either be permitted without further analysis (whitelist) or denied without
further processing (blacklist).

To report false positives, visit this link: https://symsubmit.symantec.com/

This feature is based on the SHA1 and SHA256 hash of files. You can use your
favorite third-party tools (web-based and offline) to generate a SHA1 or SHA256
hash to use in your whitelist/blacklist configuration.

SEARCH FOR KNOWN FILE HASHES

If you're not sure whether the file you're looking to block or allow has been
added to Content Analysis before, you can search each reputation list.

 * Select Services > Whitelist/Blacklist.
 * Paste the SHA1 hash for a file in the Search for Hash field in either the
   whitelist or blacklist. Click Search. The Search Results dialog appears.
   * If the search finds the supplied hash in the selected list, the Search
     Results dialog will advise that the hash exists in the custom blacklist or
     whitelist. If you wish to remove the file from the selected list, click
     Remove in the Search Results dialog.
   * If the search does not locate the hash in the selected list, the Search
     Results dialog will advise that the hash does not exist in the custom
     blacklist or whitelist. If you wish to add the file to the selected list,
     click Add in the Search Results dialog.
 * (Optional) When prompted, add a comment to identify the submission.

ADD A FILE HASH TO FILE REPUTATION LISTS

If you know that a hash does not exist in the file reputation list you are
working with, you can add it.

 * Paste the SHA1 hash for a file to either the Add Hash to Blacklist or Add
   Hash to Whitelist field, depending on whether you would like to block or
   allow user access to this file in future download attempts.
 * (Optional) When prompted, add a comment to identify the submission.

If the file is already in the hash reputation list, Content Analysis displays
an error message.

EXPORT THE HASH BLACKLIST OR WHITELIST TO A FILE

Whenever you make changes to either hash reputation list, it's a good idea to
back up that list. Perform that backup with Export.

 * Under Bulk Operations in either the Blacklist or Whitelist section, click
   Export.
 * You are prompted to save a CSV file containing your hash reputation list.
   The CSV file is named either blacklist or whitelist, followed by the date
   (for example, blacklist_2020-12-01.csv).

IMPORT THE HASH BLACKLIST OR WHITELIST FROM A FILE

If you have a file reputation list that you have previously saved, you can
import it into Content Analysis.

 * Under Bulk Operations in either the Blacklist or Whitelist section, click
   Import.
 * You are prompted to browse for a CSV. Locate the desired file and click
   Open. When the upload is complete, the browser displays a confirmation
   dialog.


Copyright © 2005-2021 Broadcom. All Rights Reserved. The term “Broadcom” refers
to Broadcom Inc. and/or its subsidiaries.