HTTPS-Based Malware Not Detected
If your HTTPS-based malware is not detected by Sky ATP, the root certificate on your SRX Series device (for HTTPS forward proxy) may be invalid. This may occur when the CA profile name is not correct. It must be named policyEnforcer.
root@host# set security pki policyEnforcer ssl-inspect-ca ca-identity ssl-inspect-ca
root@host# set security pki policyEnforcer ssl-ca ca-identity ssl-ca
For more information on loading root certificates with Policy Enforcer, see Loading a Root CA.