Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the Anti-malware Page

You are here: Security Services > Advanced Threat Prevention > Anti-malware.

SRX Series Firewalls use intelligence provided by Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud) to remediate malicious content using security policies. If configured, security policies block the content before it is delivered to the destination address.

The anti-malware profile defines the content to scan for any malware and the action to be taken when malware is detected. Juniper ATP Cloud uses a pipeline approach to analyzing and detecting malware. If an analysis reveals that the file is malware, it is not necessary to continue the pipeline to further examine the malware.

Tasks You Can Perform

You can perform the following tasks from this page:

  • Associate anti-malware profiles with security policies. To do this:

    1. Click Security Policies under the Anti-malware page title to directly navigate to the Security Policies page.

    2. Click + to add a new rule or click the pencil icon to edit an existing rule.

    3. Select the anti-malware profile under Advance Services to a specific policy. For more information, see Add a Rule to a Security Policy.

  • Create an anti-malware profile. See Create an Anti-malware Profile.

  • Edit an anti-malware profile. See Edit an Anti-malware Profile.

  • Delete an anti-malware profile. See Delete an Anti-malware Profile.

  • Clone an anti-malware profile. To do this:

    1. Select an existing anti-malware profile to clone.

    2. Select Clone from the More link.

      The Clone Anti-malware Profile page opens with editable fields. For more information on the options, see Create an Anti-malware Profile.

  • Show or hide columns in the Anti-malware table. To do this, use the Show Hide Columns icon in the upper-right corner of the page, and select the options to show or deselect to hide options on the page.

  • Advanced search for anti-malware profile. To do this, use the search text box present above the table grid. The search includes the logical operators as part of the filter string. In the search text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.

    For an advanced search:

    1. Enter the search string in the text box.

      Based on your input, a list of items from the filter context menu opens.

    2. Select a value from the list and then select a valid operator to perform the advanced search operation.


      Press Spacebar to add an AND operator or an OR operator to the search string. Press backspace at any point of time while entering a search criteria, only one character is deleted.

    3. Press Enter to display the search results in the grid.

Field Descriptions

Table 1 describes the fields on the Anti-malware page.

Table 1: Fields on the Anti-malware Page




Displays the anti-malware profile name.

Verdict threshold

Displays the threshold value to determine when a file is considered malware.


Displays whether the protocol is HTTP, IMAP, SMB, and/or SMTP. Mouse over the protocol name to view the configuration details of inspection profile, action, and logs.

Additional Logging

Displays whether the additional logs configured are files under verdict threshold, Allowlist, and/or Blocklist.