I have to correct myself: The default Antimalware ruleset does contain a whitelist. But the rest of my post still applies.
You just apply different antimalware scanning based that URL and make sure to not apply the default scanning.
So you could have different settings for "light scanning", "medium scanning", "heavy scanning" etc...
See this thread:
Disregard my comments on there. Erik had a good example:
URL.IsMinimalRisk<Default> equals true AND
Antimalware.Infected<Anti-Malware: Standard Setting> equals true
URL.IsMinimalRisk<Default> equals false AND
Antimalware.Infected<Anti-Malware: High Setting> equals true
The URL.IsMinimalRisk will always be true or false, so you will always get one or the other.
Thanks Jon. So there is no way to really differentiate between the different engines like before (MWG6), right?
Let's say a URL is blocked because of heuristics (is "Proactive scanning" still in use at all?) and I am sure it's false positive. There is no way I could disable heuristics for the URL while still pushing the content throuhg the AV engine?
The questioning was confusing but I'll try to clarify.
Yes, you can disable heuristics for the URL, while still pushing content through the AV engine.
You would use the method above.
URL.Host is in list [Disable Hueristics] AND
Antimalware.Infected<Anti-Malware: Heuristics disabled> equals true
URL.Host is not in list [Disable Hueristics] AND
Antimalware.Infected<Anti-Malware: Default> equals true
Thanks Jon. I should have read the other thread you linked to before asking more questions. That other thread was exactly what I was looking for. I will play with this tomorrow.