Signature Details
To access the malware signature details page, go to one of the following pages:
- Monitor > ATP > File Scanning > HTTP File Download
- Monitor > ATP > File Scanning > Email Attachments
- Monitor > ATP > File Scanning > SMB File Download
Click the Partial File tab, and then click the Phase Sig ID link to go to the Signature Details page.
Use the Signature Details page to view the malware signature details. Juniper ATP Cloud provides the malware signatures to Juniper Secure Edge as well as to SRX Series Firewalls. When Juniper Secure Edge detects a malware file, it can block the file immediately based on these malware signatures and the anti-malware profile. The malware signatures are shared with Juniper Secure Edge whenever there is an update in Juniper ATP Cloud. For each malware signature hit, Juniper Secure Edge sends a malware signature hit report to Juniper ATP Cloud.
This page is divided into several sections:
Report False Positive—Click this button to open a new screen where you can send a report to Juniper Networks, indicating whether the report is a false positive or a false negative. Juniper will investigate the report; however, this does not change the verdict. If you want to make a correction (mark system as clean), you must do it manually.
Threat Level—This is the threat level assigned (0-10). This box also provides the signature file name, threat category and the action taken.
Prevalence—Provides information on how often this malware has been seen, how many individual hosts on the network downloaded the file, and the protocol used.
Downloads—List of hosts that have downloaded the suspicious file. You can view the IP address of the host. You can also view the client IP address, file name of the signature, date/time when the signature was submitted, device serial number, URL, destination IP address and username of the host.