Security Malware Protection

Dashboard Location: Security and SD-WAN > Configure > Threat Protection

Security Malware Management

Security malware protection in Meraki appliances provides comprehensive threat detection and prevention through advanced file analysis, URL reputation checking, and signature-based malware identification. This functionality enables organizations to protect against malicious downloads, prevent malware propagation, and maintain security compliance through real-time threat analysis. The malware protection system integrates with Meraki’s cloud-based threat intelligence to provide continuous updates against emerging threats while supporting customizable allow-lists for trusted files and URLs.

⚠️ License Requirement: This feature requires an Advanced Security license subscription.

Diagram

Classes

appliance (meraki.domains.organizations.networks)

Name	Type	Constraint	Mandatory	Default Value
security_malware	Class	`[security_malware]`	No

security_malware (meraki.domains.organizations.networks.appliance)

Name	Type	Constraint	Mandatory
mode	Choice	`disabled`, `enabled`	Yes
allowed_urls	List	`[allowed_urls]`	No
allowed_files	List	`[allowed_files]`	No

allowed_urls (meraki.domains.organizations.networks.appliance.security_malware)

Name	Type	Constraint	Mandatory	Default Value
url	String	min: `1`, max: `1024`	Yes
comment	String	min: `1`, max: `127`	Yes

allowed_files (meraki.domains.organizations.networks.appliance.security_malware)

Name	Type	Constraint	Mandatory	Default Value
sha256	String	min: `1`, max: `1024`	Yes
comment	String	min: `1`, max: `127`	Yes

Examples

Example-1: The example below demonstrates security malware protection configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                security_malware:
                  mode: enabled
                  allowed_urls:
                    - url: "www.cisco.com"
                      comment: "Cisco"
                    - url: "*.meraki.com"
                      comment: "Meraki"
                  allowed_files:
                    - sha256: "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
                      comment: "Test File 1"
                    - sha256: "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
                      comment: "Test File 2"

Configuration Parameters

Parameter	Type	Required	Description
`security_malware`	Object	Yes	Container for malware protection configuration
`mode`	String	Yes	Malware protection mode: “disabled” or “enabled”
`allowed_urls`	Array	No	List of URL patterns to allow (bypass malware scanning)
`allowed_urls[n].url`	String	Yes	URL pattern to allow (supports wildcards)
`allowed_urls[n].comment`	String	No	Description or comment for the allowed URL
`allowed_files`	Array	No	List of file hashes to allow (bypass malware scanning)
`allowed_files[n].sha256`	String	Yes	SHA256 hash of the allowed file
`allowed_files[n].comment`	String	No	Description or comment for the allowed file