
File Inspection Profiles Overview

Access this page from Configure > File Inspection Management > Profiles.

Juniper ATP Cloud profiles let you define which files to send to the cloud for inspection. You can group types of files to be scanned together (such as .tar, .exe, and .java) under a common name and create multiple profiles based on the content you want scanned. Then enter the profile names on eligible SRX Series devices to apply them.

Benefits of File Inspection Profiles

  • Allows you to create file categories to send to the cloud for scanning rather than having to list every single type of file you want scanned.

  • Allows you to configure multiple scanning categories based on file type, adding and removing file types when necessary, increasing or decreasing granularity.

Table 22: File Category Contents

| Category | Description |
|---|---|
| Archive | Archive files |
| Configuration | Configuration files |
| Document | All document types except PDFs |
| Executable | Executable binaries |
| ELF | Executable and Linkable Format (ELF) is a standard file format for executable files, object code, and libraries. |
| Java | Java applications, archives, and libraries |
| Library | Dynamic and static libraries and kernel modules |
| Mobile | Mobile formats |
| OS package | OS-specific update applications |
| PDF | PDF, e-mail, and MBOX files |
| Rich Application | Installable Internet Applications such as Adobe Flash, JavaFX, Microsoft Silverlight |
| Script | Scripting files |

You can also define the maximum file size for each category to send to the cloud. If a file falls outside the maximum file size limit, the file is automatically downloaded to the client system.

Note: Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate it with the Juniper ATP Cloud profile.

Note: If you are using the free or basic model of Juniper ATP Cloud, you are limited to only the executable file category.

Note: The ELF file types support both static analysis and dynamic analysis.

Juniper ATP Cloud periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your profile.

To verify your updates are on your SRX Series devices, enter the following CLI command:

show services advanced-anti-malware profile

You can compare the version numbers or the contents to verify your profile is current.

Advanced Anti-malware inspection profile:
Profile Name:default_profile
version: 1443769434
disabled_file_types:
{ ...

If you do not see your updates, wait a few minutes and try the command again. You might be outside the Juniper ATP Cloud polling period.
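The version comparison described above can be scripted. The following is an added example, not Juniper code: it parses only the header fields shown in the sample output on this page, and it assumes you already know the expected version (for instance from a device you have confirmed is up to date). The function names and status strings are hypothetical.

```python
import re

# Constructed sample: the header lines shown on this page (the page truncates
# the rest of the output, so only these fields are parsed).
SAMPLE_OUTPUT = """\
Advanced Anti-malware inspection profile:
Profile Name:default_profile
version: 1443769434
disabled_file_types:
{ ...
"""

_NAME = re.compile(r"^\s*Profile Name:\s*(\S+)\s*$", re.IGNORECASE)
_VERSION = re.compile(r"^\s*version:\s*(\d+)\s*$", re.IGNORECASE)


def parse_profiles(cli_output):
    """Return {profile_name: version} from the command output.

    Assumption: a version line belongs to the most recent Profile Name line.
    """
    profiles, current = {}, None
    for line in cli_output.splitlines():
        m = _NAME.match(line)
        if m:
            current = m.group(1)
            profiles[current] = None  # name seen, version not yet seen
            continue
        m = _VERSION.match(line)
        if m and current is not None:
            profiles[current] = int(m.group(1))
    return profiles


def check_profile(cli_output, name, expected_version):
    """Classify one profile as 'current', 'mismatch', 'missing' or 'unparsed'."""
    profiles = parse_profiles(cli_output)
    if name not in profiles:
        return "missing"    # not on the device yet: wait for the next poll
    version = profiles[name]
    if version is None:
        return "unparsed"   # name present but no version line found
    return "current" if version == expected_version else "mismatch"


if __name__ == "__main__":
    print(check_profile(SAMPLE_OUTPUT, "default_profile", 1443769434))
```

A "missing" or "mismatch" result corresponds to the case described above: wait a few minutes and run the command again before treating it as a fault.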

Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate the Juniper ATP Cloud profile with the Juniper ATP Cloud policy.
