
Email Attachments Scanning Details

Use the File Scanning Details page to view analysis information and malware behavior summaries for the downloaded file. In the Email Attachments page, click on the File Signature to go to the File Scanning Details page. This page is divided into several sections:

Report False Positives—Click the Report False Positive button to launch a new screen that lets you send a report to Juniper Networks, informing Juniper of a false positive or a false negative. Juniper will investigate the report; however, this does not change the verdict. To make a correction (mark the system as clean), you must do it manually.

Printable View—Click this link to organize the information into a print-ready format.

The top of the page provides a quick view of the following information (scroll to the right in the UI to see more boxes):

File Summary

Table 40: General Summary Fields

| Field | Definition |
|---|---|
| Threat Level | This is the assigned threat level 0-10. 10 is the most malicious. |
| Action Taken | The action taken based on the threat level and host settings: block or permit. |
| Global Prevalence | How often this file has been seen across different customers. |
| Last Scanned | The time and date of the last scan to detect the suspicious file. |
| File Name | The name of the suspicious file. Examples: unzipper-setup.exe, 20160223158005.exe, wordmui.msi. |
| Category | The type of file. Examples: PDF, executable, document. |
| File Size | The size of the downloaded file. |
| Platform | The target operating system of the file. Example: Win32. |
| Malware Name | If possible, Sky ATP determines the name of the malware. |
| Malware Type | If possible, Sky ATP determines the type of threat. Example: Trojan, Application, Adware. |
| Malware Strain | If possible, Sky ATP determines the strain of malware detected. Example: Outbrowse.1198, Visicom.E, Flystudio. |
| sha256 and md5 | One way to determine whether a file is malware is to calculate a checksum for the file and then query to see if the file has previously been identified as malware. |
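The checksum lookup described for the sha256 and md5 field can be reproduced outside the product. The following is an added example, not Juniper code: it extracts attachments from a raw email, hashes the decoded bytes (not the base64 text), and checks the SHA-256 against a set of known-bad hashes. The sample message, the known-bad set, and the function names are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample message; the attachment body is the harmless bytes b"hello".
SAMPLE_EML = (
    b"From: sender@example.com\r\n"
    b"To: user@example.com\r\n"
    b"Subject: invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See attached.\r\n"
    b"--BOUND\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="unzipper-setup.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGVsbG8=\r\n"
    b"--BOUND--\r\n"
)

# Constructed stand-in for a database of previously identified malware hashes.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"hello").hexdigest()}

def attachment_hashes(raw_message: bytes) -> list:
    """Return file name, size and checksums for each attachment in the message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        # decode=True undoes the transfer encoding so the hash matches the file on disk.
        data = part.get_payload(decode=True) or b""
        results.append({
            "file_name": part.get_filename(),
            "file_size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            # MD5 is used here only as a lookup key, never as an integrity guarantee.
            "md5": hashlib.md5(data, usedforsecurity=False).hexdigest(),
        })
    return results

def previously_identified(raw_message: bytes, known_bad_sha256: set) -> list:
    """Return the attachments whose SHA-256 appears in the known-bad set."""
    return [h for h in attachment_hashes(raw_message)
            if h["sha256"] in known_bad_sha256]
```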

In the Network Activity section, you can view information in the following tabs:

Note: This section will appear blank if there has been no network activity.

In the Behavior Details section, you can view the behavior of the file on the system. This includes any processes that were started, files that were dropped, and network activity seen during the execution of the file. Dropped files are any additional files that were downloaded and installed by the original file.
