Allowlist and Blocklist Overview

An allowlist contains known trusted IP addresses, Hashes, Email addresses, and URLs. Content downloaded from locations on the allowlist does not have to be inspected for malware. A blocklist contains known untrusted IP addresses and URLs. Access to locations on the blocklist is blocked, and therefore no content can be downloaded from those sites.

Benefits of Allowlists and Blocklists

• Allowlist allows users to download files from sources that are known to be safe. Allowlist can be added to in order to decrease false positives.

• Blocklists prevent users from downloading files from sources that are known to be harmful or suspicious.

The Custom allowlists or custom blocklists allow you to add items manually. Both are configured on the Juniper ATP Cloud server. The priority order is as follows:

1. Custom allowlist

2. Custom blocklist

If a location is in multiple lists, the first match wins.

Allowlists support the following types:

• Anti-malware—IP address, URL, file hash, and e-mail sender
• SecIntel—C&C, ETI, and DNS

Blocklists support the following types:

• Anti-malware—IP address, URL, file hash, and e-mail sender
• SecIntel—C&C

Note:

• For IP and URL, The Web UI performs basic syntax checks to ensure your entries are valid.

• A hash is a unique signature for a file generated by an algorithm. You can add custom allowlist and blocklist hashes for filtering, but they must be listed in a text file with each entry on a single line. You can only have one running file containing up to 15,000 file hashes. For upload details see Create Allowlists and Blocklists. Note that Hash lists are slightly different than other list types in that they operate on the cloud side rather than the Juniper Secure Edge side. This means the web portal is able to display hits on hash items.

Juniper Secure Edge makes requests approximately every two hours for new and updated feed content. If there is nothing new, no new updates are downloaded.