Creating Malware Policy Rules

To create a malware policy rule

1. In the Rule Name field, enter the name you want to use to identify the rule.
2. From the Mode dropdown list, select the mode in which you want the DLP policy rule to operate:
   • Monitor only
   • Detect and Prevent
3. In the Scope section, either:
   • Select All users and groups (all licensed users) to have the policy rule apply to all users.
   • In the Specific users and groups list, select the specific users or user groups to which the policy should apply or be excluded from being applied.
4. In the Advanced > Security Tools section, select All running threat detection tools to use all of the activated Security Tools. (This is on by default.) If you unselect this option, you can then select which specific Security Tools are used.
5. In the Advanced > Actions section:
   1. Select Quarantine drive files to quarantine detected files to the quarantine folder defined in your Cloud App Security configuration.
   2. Select Alert file owner of malware to notify the user sharing the file when possible malware is detected.
      • Click the gears icon to modify the email message sent to the file owner.
   3. Select Alert admin(s) to notify administrators when possible malware is detected.
      • Click the gears icon to modify the email message sent to administrators.
      • Click the users icon to select which administrators should receive the message.
6. Click Save and Apply.