Netskope Help

Creating a Malware Detection Profile

You can extend the default Netskope malware scan by creating custom malware detection profiles. In the malware detection profile, you can select the file profile as an allowlist or a blocklist. For example, you can include known malicious hashes sourced from other intelligence sources in the blocklist. You also can add known good files (e.g., proprietary content specific to the organization) to the allowlist so Netskope flag them as suspicious.

To create a malware detection profile:

  1. Go to Policies > Threat Protection.

  2. In the Malware Detection Profiles tab, click New Malware Detection Profile.

  3. Under Threat Scan, click Next. The Netskope malware scan is selected by default. You can't modify this field.

    The Default Malware Scan option under Threat Scan.
  4. Under Allowlist, select the file profile that's associated with the files you want to allow in your organization. You also can search for a profile.

    The selected file profile under Allowlist.
  5. Click Next.

  6. Under Blocklist, select the file profile that's associated with the files you want to block in your organization. You also can search for a profile.

    The selected file profile under Blocklist.
  7. Click Next.

  8. Under Set Profile, enter a name for the profile.

    The Profile Name option under Set Profile.
  9. Click Save Malware Detection Profile.

  10. Click Apply Changes.

You can select the custom malware detection profile when configuring the Real-time Protection policy.