    Sky Advanced Threat Prevention Profile Overview

    Sky ATP profiles let you define which files to send to the cloud for inspection. You can create Sky ATP profiles only with the cloud graphical interface; you cannot create the profile using CLI commands. You can, however, use CLI commands to view the profile on the SRX Series device to make sure it matches the one in the cloud.

    Instead of having to list every single type of file you want to scan, Sky ATP lets you pick file categories to send to the cloud. See Table 1.

    Table 1: File Category Contents

    | Category | Description | Included File Types |
    |---|---|---|
    | Active media | Flash and Silverlight applications | .swf, .xap, .xbap |
    | Archive | Archive files | .zip, .rar, .tar, .gzip |
    | Code | Source code | .c, .cc, .cpp, .cxx, .h, .htt, .java |
    | Config | Configuration files | .inf, .ini, .lnk, .reg, .plist |
    | Document | All document types except PDFs | .chm, .doc, .docx, .dotx, .hta, .html, .pot, .ppa, .pps, .ppt, .pptsm, .pptx, .ps, .rtf, .txt, .xlsx, .xml, .xsl, .xslt |
    | Emerging threat | A special category that includes known threat source file types | |
    | Executable | Executable binaries | .bin, .com, .dat, .exe, .msi, .msm, .mst |
    | Java | Java applications, archives and libraries | .class, .ear, .jar, .war |
    | Library | Dynamic and static libraries and kernel modules | .a, .dll, .kext, .ko, .o, .so, .ocx |
    | Mobile | Mobile applications for iOS and Android | .apk, .ipa |
    | OS package | OS specific update applications | .deb, .dmg |
    | Script | Scripting files | .bat, .js, .pl, .ps1, .py, .sct, .sh, .tcl, .vbs, .plsm, .pyc, .pyo |
    | Portable document | PDF, e-mail and MBOX files | .email, .mbox, .pdf, .pdfa |

    Note: If you are using the free model of Sky ATP, you are limited to just the executable file category.

    You can also define a maximum file size for each category of file sent to the cloud. If a file exceeds the maximum file size limit, use the Sky ATP policy fallback option to either allow or deny the download. For more information, see Sky Advanced Threat Prevention Policy Overview.

    For more information on creating Sky ATP profiles, see the Web UI infotips and online help.

    Sky ATP periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your profile.

    To verify your updates are on your SRX Series devices, enter the following CLI command:

    show services advanced-anti-malware profile

    You can compare the version numbers or the contents to verify your profile is current.

    Advanced Anti-malware inspection profile:
    Profile Name:default_profile
    version: 1443769434
    disabled_file_types:
    { ...

    If you do not see your updates, wait a few minutes and try the command again. You might be outside the Sky ATP polling period.
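One way to script the version comparison described above across several devices, as an added example that is not Juniper's code: it parses only the `Profile Name` and `version` lines shown in the sample output and reports devices that have not yet polled the expected version. It assumes you read the expected version from the cloud interface and captured each device's command output yourself; the device names and the second version number are constructed.

```python
import re

# Field patterns taken from the output lines shown on this page; the rest of
# the output (disabled_file_types and beyond) is elided there and is ignored.
NAME_RE = re.compile(r"^\s*Profile Name:\s*(\S+)\s*$")
VERSION_RE = re.compile(r"^\s*version:\s*(\d+)\s*$")


def parse_profiles(cli_output):
    """Return {profile_name: version} from captured CLI output."""
    profiles, current = {}, None
    for line in cli_output.splitlines():
        name = NAME_RE.match(line)
        if name:
            current = name.group(1)
            continue
        version = VERSION_RE.match(line)
        if version and current is not None:
            profiles[current] = int(version.group(1))
            current = None
    return profiles


def find_out_of_date(captures, profile, expected_version):
    """Map device -> reason for every device not at expected_version."""
    problems = {}
    for device, output in captures.items():
        found = parse_profiles(output).get(profile)
        if found is None:
            problems[device] = "profile not found in output"
        elif found != expected_version:
            problems[device] = f"version {found}, expected {expected_version}"
    return problems


# Constructed sample captures; device names and the second version are made up.
SAMPLE = {
    "srx-a": "Advanced Anti-malware inspection profile:\n"
             "Profile Name:default_profile\nversion: 1443769434\n"
             "disabled_file_types:\n{ ...\n",
    "srx-b": "Advanced Anti-malware inspection profile:\n"
             "Profile Name:default_profile\nversion: 1443700000\n",
    "srx-c": "",  # empty capture, e.g. the command returned nothing
}

if __name__ == "__main__":
    for dev, why in find_out_of_date(SAMPLE, "default_profile", 1443769434).items():
        print(f"{dev}: {why}")
```

A device flagged here may simply be outside its polling period, so re-run the check after a few minutes before treating the mismatch as a problem.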

    Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate the Sky ATP profile with the Sky ATP policy.

    Modified: 2017-06-07