Use the Modify Blacklist page to add email addresses, IP addresses, and URLs to the blocklist. A blocklist contains known untrusted IP addresses, URLs, and domains. Access to locations on the blocklist is blocked, and therefore no content can be downloaded from those sites.
Read the Sky ATP Email Management Overview topic.
Read the Sky ATP Malware Management Overview topic.
Compile a list of known malicious email addresses or domains to add to your blocklist. If an email matches the blocklist, it is considered to be malicious and is handled the same way as an email with a malicious attachment, blocked and a replacement email is sent. If an email matches the allowlist, that email is allowed through without any scanning.
It is worth noting that attackers can easily fake the “From” email address of an email, making blocklists a less effective way to stop malicious emails.
Decide on the type of location you intend to define: URL or IP address.
Review the current list of entries to ensure that the item you are adding does not already exist.
To configure the blocklists:
The Feed Sources page appears.
The Modify Blacklist page appears.
Table 252: Fields on the Modify Blacklist Page
Field | Description |
|---|---|
Email List | |
Email Sender | The allowed email senders are listed here. To add more email senders to the blocklist, click the + sign. Enter the full address in the format name@domain.com or wildcard the name to permit all emails from a specific domain. For example, *@domain.com. |
Malware List | |
IP and URL | Enter an IP address or a URL.
|
To edit an existing blocklist entry, select the blocklist that you want to edit and click the pencil icon.
Sky ATP periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your blocklist files.
© 2020 Juniper Networks, Inc. All rights reserved