Skip to content

Security Malware Protection

Dashboard Location: Security and SD-WAN > Configure > Threat Protection

Security Malware Management

Security malware protection in Meraki appliances provides comprehensive threat detection and prevention through advanced file analysis, URL reputation checking, and signature-based malware identification. This functionality enables organizations to protect against malicious downloads, prevent malware propagation, and maintain security compliance through real-time threat analysis. The malware protection system integrates with Meraki’s cloud-based threat intelligence to provide continuous updates against emerging threats while supporting customizable allow-lists for trusted files and URLs.

⚠️ License Requirement: This feature requires an Advanced Security license subscription.

Diagram

Diagram

Classes

appliance (meraki.domains.organizations.networks)

NameTypeConstraintMandatoryDefault Value
security_malwareClass[security_malware]No

security_malware (meraki.domains.organizations.networks.appliance)

NameTypeConstraintMandatoryDefault Value
modeChoicedisabled, enabledYes
allowed_urlsList[allowed_urls]No
allowed_filesList[allowed_files]No

allowed_urls (meraki.domains.organizations.networks.appliance.security_malware)

NameTypeConstraintMandatoryDefault Value
urlStringmin: 1, max: 1024Yes
commentStringmin: 1, max: 127Yes

allowed_files (meraki.domains.organizations.networks.appliance.security_malware)

NameTypeConstraintMandatoryDefault Value
sha256Stringmin: 1, max: 1024Yes
commentStringmin: 1, max: 127Yes

Examples

Example-1: The example below demonstrates security malware protection configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: "!env domain"
administrator:
name: "!env org_admin"
organizations:
- name: "!env org"
networks:
- name: "!env network_name"
product_types:
- appliance
- switch
- wireless
- camera
- sensor
- cellularGateway
appliance:
security_malware:
mode: enabled
allowed_urls:
- url: "www.cisco.com"
comment: "Cisco"
- url: "*.meraki.com"
comment: "Meraki"
allowed_files:
- sha256: "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
comment: "Test File 1"
- sha256: "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
comment: "Test File 2"

Configuration Parameters

ParameterTypeRequiredDescription
security_malwareObjectYesContainer for malware protection configuration
modeStringYesMalware protection mode: “disabled” or “enabled”
allowed_urlsArrayNoList of URL patterns to allow (bypass malware scanning)
allowed_urls[n].urlStringYesURL pattern to allow (supports wildcards)
allowed_urls[n].commentStringNoDescription or comment for the allowed URL
allowed_filesArrayNoList of file hashes to allow (bypass malware scanning)
allowed_files[n].sha256StringYesSHA256 hash of the allowed file
allowed_files[n].commentStringNoDescription or comment for the allowed file