Creating File Inspection Profiles
Use this page to group files under a common, unique name for scanning. By grouping files together into a profile, you can choose file categories to send to the cloud rather than having to list every single type of file you want to scan, such as .tar, .exe, and .java. Once you create your profile name, select one or more check boxes to add file types to be scanned to the profile. Optionally, enter a value limit for the file type in megabytes.
Review the File Inspection Profiles Overview topic.
Note that a default profile, default_profile, is created as part of the initial configuration step. You can modify this default profile, but you cannot delete it.
If you are using the free or basic model of Juniper Advanced Threat Prevention Cloud, you are limited to only the executable file category.
To create a device profile:
- Select Configure > File Inspection Management > Profiles.
- Click the plus sign (+). Complete the configuration according to the guidelines provided in the table below.
- Click OK.
Table 1: Device Profile Settings
Enter a unique name for the profile. This must be a unique string that begins with an alphanumeric character and can include letters, numbers, and underscores; no spaces are allowed; 63-character maximum.
You can create several profiles and each profile can contain different options for how each file type is scanned. From the pulldown list for each file type, you can select:
Do not scan – This file type is not processed for scanning and is always allowed through.
Hash lookup only – Instead of the file, a sha256 hash of the file is sent for matching against known malware. This may provide a faster result because only a matching of the hash is done and all the file data does not have to be sent. The danger here is that the hash will only match known malware. If the file is a new type of malware that is not known, it will not be recognized as malicious using this method.
Scan files up to max size – The full content of the file is sent to the cloud for scanning as long as it falls within the set file size limits. If a file exceeds this limit, it is not sent to the cloud for inspection and is transferred to the client. If you do not set the maximum file size, a default of 32 MB is used.
You can create up to 32 profiles.
Juniper ATP Cloud periodically polls for new and updated content and automatically downloads it to your SRX Series device. There is no need to manually push your profile.