Create Anti-malware Profile
Configure the anti-malware profiles for Juniper Secure Edge. The profile lets you define which files to send to the ATP cloud for inspection and the action to be taken when malware is detected.
To create an anti-malware profile:
Field |
Action |
---|---|
Name |
Enter a name for the anti-malware profile. The name must be a unique string of alphanumeric, special characters and 64 characters maximum. Special characters such as & ( ) ] ? " # are not allowed. |
Verdict threshold |
Select a threshold value from the list. The threshold value determines when a file is considered malware. If the cloud service returns a file verdict equal to or higher than the configured threshold, then that file is considered as malware. |
Protocols | |
HTTP |
Enable this option to inspect advanced anti-malware (AAMW) files downloaded by hosts through HTTP protocol. The AAMW files are then submitted to Juniper ATP Cloud for malware screening. |
Inspection profile |
Select a Juniper Advanced Threat Prevention (ATP) Cloud profile name form the list. The ATP Cloud profile defines the types of files to scan. To view the default and other inspection profiles on Juniper Secure Edge, your device must be enrolled with Juniper ATP Cloud. |
Action |
Select Permit or Block action from the list based on the known verdict of the detected malware. |
Action (unknown verdict) |
Select Permit or Block action from the list based on the detected malware having a verdict of “unknown.” |
Client Notification |
Select one of the following options to permit or block actions based on detected malware:
|
Log files that meet verdict threshold |
Click the toggle button to create a log entry when attempting to download a file that meets the verdict threshold. |
Additional Logging | |
Files below verdict threshold |
Enable this option to create a log entry when attempting to download a file that is below the verdict threshold. |
Blocklist hits |
Enable this option to create a log entry when attempting to download a file from a site listed in the blocklist file. |
Allowlist hits |
Enable this option to create a log entry when attempting to download a file from a site listed in the allowlist file. |