Create and Manage Secure Edge Anti-Malware Profiles

Anti-malware profiles let you define which files to send to the ATP cloud for inspection and the action to be taken when malware is detected.

Create Anti-malware Profiles

  1. Select Secure Edge > Security Subscriptions > Anti-malware.
    The Anti-malware page appears.
  2. Click the plus icon (+) in the upper-right corner of the Anti-malware page.
    The Create Anti-malware Profile page appears.
  3. Complete the configuration according to the guidelines provided below:
    Table 1: Fields on the Create Anti-malware Profile Page

    | Field | Action |
    |---|---|
    | Name | Enter a name for the anti-malware profile. The name must be a unique string of alphanumeric and special characters, with a maximum of 64 characters. Special characters such as & ( ) ] ? " # are not allowed. |
    | Verdict threshold | Select a threshold value from the list. The threshold value determines when a file is considered malware. If the cloud service returns a file verdict equal to or higher than the configured threshold, the file is considered malware. |
    | Protocols | |
    | HTTP | Enable this option to inspect advanced anti-malware (AAMW) files downloaded by hosts through the HTTP protocol. The AAMW files are then submitted to Juniper ATP Cloud for malware screening. |
    | Inspection profile | Select a Juniper Advanced Threat Prevention (ATP) Cloud profile name from the list. The ATP Cloud profile defines the types of files to scan. To view the default and other inspection profiles on Juniper Secure Edge, your device must be enrolled with Juniper ATP Cloud. |
    | Action | Select Permit or Block action from the list based on the known verdict of the detected malware. |
    | Action (unknown verdict) | Select Permit or Block action from the list based on the detected malware having a verdict of “unknown.” |
    | Client Notification | Select one of the following options to permit or block actions based on detected malware: None; Redirect URL (enter HTTP URL redirection for a customized client notification based on detected malware with the block action); Redirect message (enter the message for a customized client notification based on detected malware with the block action; range: 1 through 1023). |
    | Log files that meet verdict threshold | Click the toggle button to create a log entry when attempting to download a file that meets the verdict threshold. |
    | Additional Logging | |
    | Files below verdict threshold | Enable this option to create a log entry when attempting to download a file that is below the verdict threshold. |
    | Blocklist hits | Enable this option to create a log entry when attempting to download a file from a site listed in the blocklist file. |
    | Allowlist hits | Enable this option to create a log entry when attempting to download a file from a site listed in the allowlist file. |

  4. Click OK to save the changes. To discard your changes, click Cancel.

    Once you create the anti-malware profile, you can associate it with the security policies.
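
How the settings in Table 1 combine for a single download, shown as an added Python model that is not Juniper code. The dictionary keys, the function names, the numeric verdict scale, and the choices to permit files below the threshold and to write no log entry for an unknown verdict are assumptions made for illustration; `None` stands for a verdict of “unknown.”

```python
# Illustrative model of the Table 1 settings; not Juniper Secure Edge code.
# Key names, function names and the numeric verdict scale are assumptions.

# Special characters the page lists as not allowed in the Name field.
# The page says "such as", so the real list may be longer.
FORBIDDEN = set('&()]?"#')


def name_problems(name):
    """Return the Name-field rules that a candidate profile name breaks."""
    problems = []
    if not 1 <= len(name) <= 64:
        problems.append("length must be 1-64 characters")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    return problems


def evaluate(profile, verdict):
    """Return (action, logged) for one file download.

    verdict is the number returned by the cloud service, or None for "unknown".
    """
    if verdict is None:
        # Unknown verdict: the separate "Action (unknown verdict)" applies.
        # Assumption: no log entry, since the page lists no toggle for it.
        return profile["action_unknown"], False
    if verdict >= profile["verdict_threshold"]:
        # Equal to or higher than the threshold counts as malware.
        return profile["action"], profile["log_meets_threshold"]
    # Assumption: a file below the threshold is permitted.
    return "permit", profile["log_below_threshold"]


# Constructed sample profile; the values are not defaults from the product.
SAMPLE_PROFILE = {
    "name": "branch-http-aamw",
    "verdict_threshold": 7,
    "action": "block",
    "action_unknown": "permit",
    "log_meets_threshold": True,
    "log_below_threshold": False,
}

if __name__ == "__main__":
    print("name:", name_problems(SAMPLE_PROFILE["name"]) or "ok")
    for v in (7, 6, None):
        print(v, "->", evaluate(SAMPLE_PROFILE, v))
```

With this sample profile a file whose verdict is exactly 7 is blocked and logged, while a file with an unknown verdict is permitted without a log entry, which is the combination to review when setting Action (unknown verdict).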

Manage Anti-malware Profiles

  • Edit—Select the profile, and then click the pencil icon. If the anti-malware profile is referenced in a firewall policy intent, then the firewall policy is marked for deployment. You must deploy the firewall policy for the changes to take effect on the device.

  • Clone—Select the profile, and then click More > Clone.

  • Delete—Select the profile, and then click the trash can icon.