SMB File Download Overview

Access the SMB File Download page from the Monitor > ATP > File Scanning > SMB File Downloads menu.

The Server Message Block (SMB) protocol enables applications or users to access files and other resources on a remote server.

Note:

The SMB protocol is supported only for Security Director Cloud use cases.

The following tabs are available:

  • Full File—Displays a record of all file metadata sent to the cloud for inspection. These are the files that are sent to the cloud for inspection but are not blocked based on the signature match detections and policy configurations on Juniper Secure Edge. From the Full File tab, click the file hash link to view more information, such as file details, what other malware scanners say about this file, and a complete list of hosts that downloaded this file.
  • Partial File—Partial file analysis leverages the Positive Hit Advanced Strike Engine (PHASE) to recognize signatures and determine whether there is potential malware to block before the entire file is downloaded. The Partial File tab displays a record of every malware hit event for blocked signature match detections. From the Partial File tab, click the file signature to view more information, such as file details, the host that downloaded the file, and so on.

Benefits of viewing SMB File Downloads

  • Allows you to view a compiled list of suspicious downloaded files all in one place, including the signature, threat level, URL, and malware type.

  • Allows you to filter the list of downloaded files by individual categories.

Export Data—Click the Export button to download file scanning data to a CSV file. You are prompted to narrow the data download to a selected time frame.

The following information is available on this page.

Table 1: SMB Scanning Data Fields

| Field | Definition | Applicable To |
|---|---|---|
| File Hash | A unique identifier located at the beginning of a file that provides information on the contents of the file. The file hash can also contain information that ensures the original data stored in the file remains intact and has not been modified. Note: Enter text in the space at the top of the column to filter the data. | Full File |
| Phase Sig ID | A unique identifier for each signature that is generated by Juniper ATP Cloud. | Partial File |
| Threat Level | The threat score. Note: Click the three vertical dots at the top of the column to filter the information on the page by threat level. | Full File, Partial File |
| Filename | The name of the file, including the extension. Note: Enter text in the space at the top of the column to filter the data. | Full File, Partial File |
| Last Submitted | The time and date of the most recent scan of this file. | Full File, Partial File |
| URL | The URL from which the file originated. Note: Enter text in the space at the top of the column to filter the data. | Full File, Partial File |
| Malware | The name of the file and the type of threat if the verdict is positive for malware. Examples: Trojan, Application, Adware. If the file is not malware, the verdict is "clean." Note: Enter text in the space at the top of the column to filter the data. | Full File, Partial File |
| Category | The type of file. Examples: PDF, executable, document. Note: Enter text in the space at the top of the column to filter the data. | Full File, Partial File |