Detection Settings

About detection settings

This page describes the Detection Settings tab inside each policy. For details on policies, see Policies.

The Detection Settings tab enables you to define various settings that affect the way that the browser extension detects malicious content in downloaded files and in websites.

To open the Detection Settings tab:

  1. In the Advanced Browser Security console, select Policies.

  2. Click the required policy, and then click the Detection Settings tab.

Types of detection settings

There are the following 2 types of detection settings:

File detection options

Note:

  • The minimum scan time, even for very small downloaded files, is about 2 seconds. This is because all files must be internally downloaded [fetched] before they can be scanned.

File detection mode

Disabled

The browser extension will not scan downloaded files to determine if they are malicious.

Silent

The browser extension will scan downloaded files to determine if they are malicious. All scan results will be sent to Perception Point X‑Ray - and will appear in the Scans page.

  • Downloaded files will be available to users even if the files were found to be malicious, or could not be successfully scanned.

  • No indication is given to the user if a downloaded file is found to be malicious or could not be successfully scanned.

Warn

The browser extension will scan downloaded files to determine if they are malicious. All scan results will be sent to Perception Point X‑Ray.

  • Downloaded files will be available to users even if the files were found to be malicious, or could not be successfully scanned.

  • An indication [online user notification] is displayed to the user if a downloaded file is found to be malicious or could not be successfully scanned.

Block

The browser extension will scan downloaded files to determine if they are malicious. All scan results will be sent to Perception Point X‑Ray.

  • Downloaded files will NOT be available to users if the files were found to be malicious, or could not be successfully scanned.

  • Remediation: The browser extension will attempt to delete each detected malicious downloaded file or downloaded file that could not be successfully scanned.

  • An online user notification and a block page are displayed to the user if a downloaded file is found to be malicious or could not be successfully scanned.

Block large files and encrypted files that can’t be scanned

[appears only if the Block detection mode is selected above]

When enabled, blocks the following files:

  • Files that are too large to scan.

    By default, files up to 100 MB are scanned - larger files are not scanned. Contact Perception Point Support [support@perception-point.io] if you want to modify this setting.

  • Files that are encrypted - and that therefore can't be scanned.

When this setting is not enabled, files that are too large to scan or that are encrypted will be made available to users without being scanned.

Prevent access to downloaded files until the scan is complete

[appears only if the Block or Warn detection mode is selected above]

Prevents users from accessing downloaded files in the Downloads folder while a file is being scanned. Only after the file has been fully scanned - and found to be clean - is it made available to the user [unless a timeout is enabled - see Limit file scan time below].

This is called the "inline" scanning mode.

You can override this setting for specified domains. For details, see File access mode override.

Note:

  • This option appears only if Block mode or Warn mode is selected for file download detection. See File detection mode above.

  • If you enable this option, it is recommended that you set a browser policy that doesn't ask the user, before downloading a file, where to save the file. This helps the inline scanning mode to function as required.

    See also the official Chrome documentation and the official Microsoft documentation.

  • Because inline scans may take a while to complete, it is recommended that you set a timeout for the maximum scan duration. See Limit file scan time below.

Limit file scan time

[appears only if the Block or Warn detection mode is selected above]

Limits the time that users must wait for a file to be scanned. If the timeout value is reached, the file will be downloaded and available to the user - even if the scan isn't complete.

The default timeout value is 15 seconds.

This limit is available only if "Prevent access to downloaded files until the scan is complete" above is enabled [i.e. when the "inline" download mode is selected].

Note:

The implemented timeout value may be slightly larger than the value specified here. This is because:

  • The timeout starts only after the file has been internally downloaded [fetched] - in preparation to be scanned.

  • The completion of the scan is checked only every 5 seconds - so in practice, up to 5 seconds may be added to the specified timeout value.
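The timing described in this note can be modelled as follows. This is an added example, not Perception Point code: the function names and the assumption that the first completion check happens one poll interval after the fetch are illustrative, while the 5-second check interval and 15-second default come from this page. It shows how long a user waits and when a file is released without a verdict.

```python
import math

POLL_INTERVAL_S = 5      # from the page: scan completion is checked every 5 seconds
DEFAULT_TIMEOUT_S = 15   # from the page: default timeout value


def inline_release(fetch_s, scan_s, timeout_s=DEFAULT_TIMEOUT_S, poll_s=POLL_INTERVAL_S):
    """Model when an inline-scanned download is released to the user.

    fetch_s: seconds for the internal download (fetch) to finish
    scan_s:  seconds the scan takes, counted from the end of the fetch
    Returns (total seconds the user waits, True if the scan had finished).
    Assumption: the first completion check is one poll interval after the fetch.
    """
    elapsed = 0
    while True:
        elapsed += poll_s
        if scan_s <= elapsed:
            return fetch_s + elapsed, True    # verdict available at this check
        if elapsed >= timeout_s:
            return fetch_s + elapsed, False   # timeout: file released unscanned


def worst_case_wait(fetch_s, timeout_s=DEFAULT_TIMEOUT_S, poll_s=POLL_INTERVAL_S):
    """Longest wait when the scan never finishes: timeout rounded up to a poll tick."""
    return fetch_s + math.ceil(timeout_s / poll_s) * poll_s


if __name__ == "__main__":
    # Constructed scenarios: (fetch seconds, scan seconds, configured timeout)
    for fetch, scan, timeout in [(1, 2, 15), (3, 40, 15), (3, 40, 12), (2, 11, 12)]:
        waited, scanned = inline_release(fetch, scan, timeout)
        state = "scan finished" if scanned else "RELEASED UNSCANNED"
        print(f"fetch={fetch}s scan={scan}s timeout={timeout}s -> wait {waited}s, {state}")
```

Under this model a 12-second timeout behaves like a 15-second one, and any scan that outlasts the timeout leaves the file available without a verdict, so such downloads should be followed up in the Scans page.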

Ask users for file passwords

[appears only if the Warn or Block mode is selected above]

Note: This feature will be available after 30 August 2024.

When a user downloads a password-protected file, the user will be asked for the password to enable the file to be scanned.

  • Block mode only: If the "Block large files and encrypted files that can’t be scanned" option [see above] is enabled, and the downloaded file couldn't be opened using the password, the file will not be downloaded and the file won't be made available to the user.

    In all other scenarios, the file will be downloaded and made available to the user - even if the file could not be scanned.

  • By default, the user has 2 minutes to enter the password.

Skip scans for safe file types

[appears only if the Block or Warn detection mode is selected above]

When enabled, the extension won't scan downloaded files that have the specified file extensions. It is recommended that you include only safe extensions in the ignore-scanning list.

The default extensions to ignore are: png, jpg, jpeg, and json.

Website detection options

Website detection mode

Configures the behavior of detecting malicious websites:

  • Disabled: Malicious website detection is not performed.

  • Silent: Malicious website detection is performed. Incidents are reported in the Scans page of Perception Point X‑Ray. There is no user interaction - users are able to access malicious websites, and are not informed about them.

  • Warn: Malicious website detection is performed. Incidents are reported in the Scans page of Perception Point X‑Ray. Warning messages about malicious websites are displayed to users. Users can select to continue to the malicious websites.

  • Block: Malicious website detection is performed. Incidents are reported in the Scans page of Perception Point X‑Ray. Warning messages about malicious websites are displayed to users. Users are not permitted to continue to malicious websites.

See also: About website access

  • Use the URL allow list in Perception Point X‑Ray to allow access to a specific website and "override" the standard detection mechanisms. For details, see Configuring the "URL allowlist".

  • Use the URL block list in Perception Point X‑Ray to block access to a specific website and "override" the standard detection mechanisms. For details, see Configuring the "URL blocklist".

Monitor password reuse

[appears only if the Block or Warn detection mode is selected above]

When enabled, Advanced Browser Security monitors end-users to determine when they reuse their passwords. Password reuse instances are included in the Perception Point X‑Ray event log.

  • Silent mode: End-users are not notified when they reuse their passwords.

  • Warn and Block modes: End-users are notified when they reuse their passwords.

Note: Advanced Browser Security doesn't store any passwords. Instead, hash values of the passwords are stored. Password reuse detection is based on the stored hash values. The hash values are stored locally, and are never sent to any server.

Show warning on suspicious websites

[appears only if the Block or Warn detection mode is selected above]

[This option may not yet be available.]

When an end-user visits a website that originated in an email, and the email has a low-reputation sender*, then a warning will be displayed for the end-user. These users should then be careful when providing credentials or downloading files from that site.

* A sender is classified as a low-reputation sender if the clean-ratio of the sender is low - that is, less than 10% of emails from that sender are clean.

File uploads

Audit file uploads

  • Enabled: When enabled, successful and blocked user attempts to upload files will be recorded in the "Extension Activity" log.

  • Disabled: When disabled, only blocked attempts to upload files will be recorded in the "Extension Activity" log. [Successful attempts will not be recorded.]

For information about how to configure whether or not blocked upload events are recorded, see Report events.

For details about the "Extension Activity" log, see Extension Activity.

Note: Recorded file upload attempts include the name of the uploaded file. File names of uploaded files may contain sensitive personal information.

Anti-tampering

Auto-close developer tools

When enabled, the extension will attempt to close the browser's "Developer Tools" - if the tools are opened by an end-user.