OCD-TL
Participant

Harmony SASE Internet Access not blocking malware & Questions

Hi,

We are trialling and testing Harmony SASE and have a question on the Malware protection feature. It seems there is no config related to anti-malware protections. Is this correct?

One issue we have noticed is that malware seems to be picked up by the OS AV (basic W10 Microsoft Defender in this test), which I would have thought shouldn't happen, since that would suggest that the malicious file has been downloaded to the PC. We do get a notification most of the time that the P81 agent has blocked it as well.

Second, related issue: in a webinar (I'll try and dig out the link and timestamp) it was stated that all elements were scanned, and not just downloads as per some vendors we're looking at, i.e. html, css, js etc. The webinar demo used the EICAR text file as an example and it was blocked. However, for me the EICAR text file is never blocked. I'm using the link from Eicar.org. This links to my question about malware config and the ability to see what file types etc. are scanned. Then, as per the second point, accessing the EICAR file as eicar.com gets the popup from the P81 agent saying blocked; however, the EICAR string is displayed in the browser - blocked after file access?

Just to confirm, the P81 agent is decrypting the site - looking at the TLS cert, it's a Perimeter 81 SWG signed one.

I'll get an isolated machine and try with some real malware in case it's an anomaly with the EICAR test. But I wanted to check if I am missing anything regarding the config. The Internet Access is the out-of-the-box policy - Block Malicious and Risky pre-defined rules. The agent is blocking standard URL categories fine, e.g. gambling sites show the block page as expected.

Thanks

 

 
