System requirements to support ICAP Protocol filers with ENSSP:
The basic requirements for the ICAP scanner temporary folder are as follows:
- The ICAP protocol design requires that a file to be scanned must be copied in its entirety to the scanner.
- There must be a temporary folder on the scanner to receive these files.
- The ENSSP service runs in the security context of a user account, as all services do.
- You must determine the user account.
- Determine the folder that this user account's local %TEMP% variable indicates.
- The following subfolder is created in the %TEMP% folder to host these temporary files during scan requests:
ENSSP: **\DSPIcapTempFiles\
NOTES:
- The mass storage device hosting the %TEMP% folder must have sufficient space free to host these files during scan requests.
- Mass storage is inexpensive. We recommend 100 GB or more free space to effectively eliminate the possibility of mass storage space exhaustion.
- If sufficient space is unavailable on the volume currently hosting %TEMP%, you can use a volume with sufficient space by changing the location of the %TEMP% folder to the new volume.
Endpoint Security exclusions:
Create Endpoint Security on-access scanner (OAS) and on-demand scanner (ODS) exclusions for the ICAP scanner temporary files folder:
- Create an OAS exclusion for all scan categories (in other words, Default, Low-Risk, and High-Risk).
- Create an ODS exclusion for all scan tasks for: **\DSPIcapTempFiles\.
NOTE: Apply the exclusion against subfolders.
Accept scan requests from these ICAP clients only:
You can configure this option via the ePO console. Got to
Policy Catalog,
Endpoint Security Storage Protection,
ICAP Policies,
Connections and Server,
Connection List.