Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

show services advanced-anti-malware policy

 

Syntax

Release Information

Command introduced in Junos OS Release 15.1X49-D33.

Description

The connection to the Juniper Advanced Threat Prevention Cloud is launched on-demand. It is established only when a condition is met and a file or URL must be sent to the cloud. The cloud inspects the file and returns a verdict number (1 through 10). A verdict number is a score or threat level. The higher the number, the higher the malware threat. The SRX Series device compares this verdict number to the Juniper Advanced Threat Prevention Cloud policy settings and either permits or denies the session. If the session is denied, a reset packet is sent to the client and the packets are dropped from the server.

Juniper Advanced Threat Prevention Cloud policies append to the Junos OS security policies by defining the actions to take when a file is considered malware or when an attempt is made to download a file from a location that’s on a custom blocklist or allowlist.

Use this command for debugging purposes to verify the policy on the SRX Series device. For example, if files are being downloaded that shouldn’t be, then use this command to verify the Juniper Advanced Threat Prevention Cloud policy settings are correct.

Options

policy policy-name (Optional) Display information about the specified policy. If you do not specify a policy, then basic information about all configured Juniper Advanced Threat Prevention Cloud policies are displayed.

Required Privilege Level

view

List of Sample Output

show services advanced-anti-malware policy

Output Fields

Table 1 lists the output fields for the show services advanced-anti-malware policy command. Output fields are listed in the approximate order in which they appear.

Table 1: show services advanced-anti-malware policy Output Fields

Field Name

Field Description

Policy Name

Name of the Juniper Advanced Threat Prevention Cloud policy.

Inspection-profile

Name of the Juniper Advanced Threat Prevention Cloud profile. The profile determines which file types should be sent to the Juniper Advanced Threat Prevention Cloud service.

Protocols

Juniper Networks supports HTTP, HTTPS, SMTP, SMTPS, IMAP, IMAPS, and SMB protocols.

Verdict-threshold

The threshold determines when a file is considered malware. If the cloud service returns a file verdict higher than this threshold, then that file is considered malware.

Action

The action to take, permit or block, when the cloud services reports a file verdict that is higher than the threshold.

Notification

The notification action, log or no log, when a file verdict is higher than the threshold.

Default-notification

The notification action, log or no log, when a file verdict is lower than the threshold.

Whitelist-notification

The notification action, log or no log, when a client attempts to access a hostname, IP address or URL that matches an entry in the allowlist.

Blocklist-notification

The notification action, log or no log, when a client attempts to access a hostname, IP address or URL that matches an entry in the blocklist.

Fallback Options

The actions to take, permit or block and log or no log, when resources are out of limits or when error conditions occur. For example, when the connection to the cloud is broken.

Sample Output

show services advanced-anti-malware policy

user@host> show services advanced-anti-malware policy