In order for MWG to be able to scan HTTPS traffic the SSL scanner must be enabled. Do you have it fully enabled?
Yes, I made it fully enabled and it works, but I want to know two things:
1) If I make it fully enabled, might other rules in this ruleset lead to some problem, i.e. blocking legitimate traffic?
2) How can I enable it only for my purpose as mentioned above, i.e. blocking SSL traffic only for the files containing malware?
Enabling the SSL scanner ruleset simply allows the Webgateway to decrypt the SSL traffic going through it, before passing it to the other common rules (including the Anti-Malware ruleset).
If you are using the default SSL scanner ruleset and it works properly, the HTTPS eicar files you are downloading will be blocked.
If it doesn't block the files, your SSL Scanner ruleset is not working properly.
Best would be to show us what your ruleset looks like.
No, actually I think you didn't fully get my point...
I enabled the SSL scanner ruleset and it's working fine with the Anti-Malware ruleset, but I just want to know: for using the Anti-Malware ruleset, what rules do I need to enable within the SSL ruleset, and if I fully enable it, how will it affect the other rulesets?
If my understanding is right, you would want to enable your SSL scanner for malware detection only and not for every traffic.
Enabling the SSL scanner will do for your malware scanning of encrypted sites. But I guess you cannot do SSL scanning for malware detection alone, as you would not know which secured sites or files are malware-infected.
The best way, I think, is to enable SSL scanning by category. For categories that you think will most likely be infected with malware/viruses, enable the SSL scanner. These could be web storage, software/hardware, shareware/freeware, internet services, all the categories under 'Risk', etc.
The only effect I could see from this is with regard to certificates, as the MWG would need to decrypt and re-encrypt the traffic when the SSL scanner is enabled. You could either import a root CA to your MWG or use a self-signed cert and deploy it to your clients.
Thanks for the update...
Philiprey's method is one way to do it, but it leaves your endpoints a bit more at risk than if you take the "scan everything with some exceptions" approach.
There are a lot of categories outside of "web storage, software/hardware, shareware/freeware, internet svcs" that would expose your endpoints to malicious attacks.
The only categories I wouldn't want to scan for privacy concerns would be 'banking' and 'stock trading', but I guess this all depends on your employer's internet usage rules etc.
I second malware-alerts' note. It is indeed a hole in your network, security-wise, if you leave some secured sites unscanned.
Since you would be enabling the SSL scanner, you might as well apply it to everything except sites like banking.
What I was saying in my response above is more of a 'scan everything except' approach as well, exempting confidential sites like banking and health.