- The /opt is 39GB
- 10 user downloading with file size over 5GB from google drive
- The file is caching for Alti-malware scan
Because files are storing on google drive, we can not know their sizes to bypass Alti-malware scan
I want to know there is a way to terminate downloading session.
Termination of running sessions aren't possible. Please keep in mind that bypass on file.size will still take effect on big files even if file size is not provided in HTTP headers. The engine will download the limited size and then skip it from scanning as the size has been exceeded. When this rule isn't working, please create rule engine trace and feedback file before you fill new service request with tech. support for review.
I'm a little surprised.
I've watched rule traces accumulating hundreds of cycles, even to the limit (500 I think). Maybe this only happens for trickling or a progress page (with the opener enabled), which is what's needed for the antimalware scanner, and that's were it would be valuable.
I'm tempted to hack at this to see if it's really true. What one would hope is that file.size increases for each of those cycles. Maybe it doesn't; maybe it can be used like that in a rule. I wonder.
You can use such sample:
Skip Files from Scanning over 50 MB
Connection.Protocol does not equal "FTP" AND
Cycle.Name equals "Response" AND
Body.Size greater than 52428800 OR (
Header.Exists ("Content-Length") equals true AND
String.ToNumber (Header.Get ("Content-Length")) greater than 52428800)
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center