malware_protection_policy

The following methods allow for interaction with the ZIA Malware Protection Policy Rule API endpoints.

Methods are accessible via zia.malware_protection_policy

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class MalwareProtectionPolicyAPI

Bases: APIClient

A Client object for the Malware Protection Policy resource.

get_atp_malware_inspection()

Retrieves the traffic inspection configurations of Malware Protection policy

Returns:

A tuple containing:
  • dict: The current atp malware protection policy inspection with keys:

    • inspect_inbound (bool): Enables or disables scanning of incoming internet traffic for malicious content

    • inspect_outbound (bool): Enables or disables scanning of outgoing internet traffic for malicious content

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Returns malware inspection settings:

>>> protocols, _, err = client.zia.malware_protection_policy.get_atp_malware_inspection()
... if err:
...     print(f"Error fetching malware inspection: {err}")
...     return
... print("Current malware inspection fetched successfully.")
... print(protocols)
get_atp_malware_policy()

Retrieves the Malware Protection Policy configuration.

Returns:

A tuple containing:
  • dict: The current atp malware protection policy inspection with keys:

    • block_unscannable_files (bool): Whether to block unscannable files.

    • block_password_protected_archive_files (bool): Whether to block password-protected archive files.

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Returns malware policy settings:

>>> settings, _, err = client.zia.malware_protection_policy.get_atp_malware_policy()
... if err:
...     print(f"Error fetching malware policy: {err}")
...     return
... print("Current malware policy fetched successfully.")
... print(settings)
get_atp_malware_protocols()

Retrieves the traffic protocols configurations of Malware Protection policy

Returns:

A tuple containing:
  • dict: The current atp malware protection policy protocols with keys:
    • inspect_http (bool): Enables or disables scanning of HTTP traffic

      (and HTTPS traffic if SSL Inspection is enabled) for malicious content in real time

    • inspect_ftp_over_http (bool): Enables or or disables scanning of FTP over HTTP traffic

      for malicious content in real time

    • inspect_ftp (bool): Enables or disables scanning of FTP traffic for malicious content in real time

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Returns malware inspection settings:

>>> protocols, _, err = client.zia.malware_protection_policy.get_atp_malware_protocols()
... if err:
...     print(f"Error fetching malware protocols: {err}")
...     return
... print("Current malware protocols fetched successfully.")
... print(protocols)
get_malware_settings()

Retrieves the malware protection policy configuration details

Returns:

A tuple containing:

  • MalwareSettings: The current malware protection policy settings object.

  • Response: The raw HTTP response returned by the API.

  • error: An error message if the request failed; otherwise, None.

Return type:

tuple

Examples

Returns malware settings:

>>> settings, _, err = client.zia.malware_protection_policy.get_malware_settings()
... if err:
...     print(f"Error fetching malware settings: {err}")
...     return
... print("Current malware settings fetched successfully.")
... print(settings)
update_atp_malware_inspection(inspect_inbound, inspect_outbound)

Updates the traffic inspection configurations of Malware Protection policy.

Parameters:

  • inspect_inbound (-) – Enables or disables scanning of incoming internet traffic for malicious content

  • inspect_outbound (-) – Enables or disables scanning of outgoing internet traffic for malicious content

Returns:

A tuple containing:

  • dict: The updated atp malware protection inspection policy.

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Configure Malware Inspection using settings:

>>> inspection, _, err = client.zia.malware_protection_policy.update_atp_malware_inspection(
...     inspect_inbound=True,
...     inspect_outbound=True
... )
>>> if err:
...     print(f"Error fetching malware inspection: {err}")
...     return
... print("Current malware inspection fetched successfully.")
... print(inspection)
update_atp_malware_policy(block_unscannable_files, block_password_protected_archive_files)

Updates the Malware Protection Policy configuration.

Parameters:

  • block_unscannable_files (bool) – Whether to block unscannable files.

  • block_password_protected_archive_files (bool) – Whether to block password-protected archive files.

Returns:

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Configure Malware Policy using settings:

>>> policy, _, err = client.zia.malware_protection_policy.update_atp_malware_policy(
...     block_unscannable_files=True,
...     block_password_protected_archive_files=True
... )
>>> if err:
...     print(f"Error fetching malware policy: {err}")
...     return
... print("Current malware policy fetched successfully.")
... print(policy)
update_atp_malware_protocols(inspect_http, inspect_ftp_over_http, inspect_ftp)

Updates the traffic protocols configurations of Malware Protection policy.

Parameters:

  • inspect_http (-) – Enables or disables scanning of HTTP traffic and HTTPS traffic if SSL Inspection is enabled for malicious content in real time

  • inspect_ftp_over_http (-) – Enables or disables scanning of FTP over HTTP traffic in real time

  • inspect_ftp (-) – Enables or disables scanning of FTP traffic for malicious content in real time

Returns:

A tuple containing:

  • dict: The updated atp malware protection protocols policy.

  • Response: The raw HTTP response from the API.

  • error: An error message if the request failed, otherwise None.

Return type:

tuple

Examples

Configure Malware Inspection using settings:

>>> protocol, _, err = client.zia.malware_protection_policy.update_atp_malware_protocols(
...     inspect_http=True,
...     inspect_ftp_over_http=True
...     inspect_ftp=True
... )
>>> if err:
...     print(f"Error fetching malware protocols: {err}")
...     return
... print("Current malware protocol fetched successfully.")
... print(protocol)
update_malware_settings(settings)

Updates the malware protection policy configuration details

Parameters:

settings (MalwareSettings) –

An instance of MalwareSettings containing the updated configuration.

Supported attributes:

Malware Protection Policy Settings: - virus_blocked (bool): Allow/block malicious programs that can harm systems and data - virus_capture (bool): Enable/disable packet capture (PCAP) for viruses - unwanted_applications_blocked (bool): Allow/block unwanted files downloaded with user programs - unwanted_applications_capture (bool): Enable/disable PCAP for unwanted applications - trojan_blocked (bool): Allow/block Trojan viruses disguised as useful software - trojan_capture (bool): Enable/disable PCAP for Trojan viruses - worm_blocked (bool): Allow/block worms that replicate and spread malicious code - worm_capture (bool): Enable/disable PCAP for worms - adware_blocked (bool): Allow/block files that auto-display ads or install adware - adware_capture (bool): Enable/disable PCAP for adware - spyware_blocked (bool): Allow/block files that covertly collect user/org data - spyware_capture (bool): Enable/disable PCAP for spyware - ransomware_blocked (bool): Allow/block ransomware that encrypts files until ransom is paid - ransomware_capture (bool): Enable/disable PCAP for ransomware - remote_access_tool_blocked (bool): Allow/block downloads from known remote access tools - remote_access_tool_capture (bool): Enable/disable PCAP for remote access tools

Returns:

A tuple containing:

  • MalwareSettings: The updated malware protection settings object.

  • Response: The raw HTTP response returned by the API.

  • error: An error message if the update failed; otherwise, None.

Return type:

tuple

Examples

Update Malware Settings by enabling Office365 and adjusting the session timeout:

>>> settings, response, err = client.zia.malware_protection_policy.update_malware_settings()
>>> if not err:
...     settings.virus_blocked = True
...     updated_settings, response, err = client.zia.malware_protection_policy.update_malware_settings(settings)
...     if not err:
...         print(f"Updated Virus Blocked: {updated_settings.virus_blocked}")
...     else:
...         print(f"Failed to update settings: {err}")