Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create Anti-malware Profile

Configure the anti-malware profiles for Juniper Secure Edge. The profile lets you define which files to send to the ATP cloud for inspection and the action to be taken when malware is detected.

To create an anti-malware profile:

  1. Select Secure Edge > Security Subscriptions > Anti-malware.
    The Anti-malware page appears.
  2. Click + on the upper-right corner of the Anti-malware page.

    The Create Anti-malware Profile page appears.

  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes. To discard your changes, click Cancel.

    Once you create the anti-malware profile, you can associate it with the security policies.

Table 1: Fields on the Create Anti-malware Profile Page

Field

Action

Name

Enter a name for the anti-malware profile.

The name must be a unique string of alphanumeric, special characters and 64 characters maximum. Special characters such as & ( ) ] ? " # are not allowed.

Verdict threshold

Select a threshold value from the list.

The threshold value determines when a file is considered malware. If the cloud service returns a file verdict equal to or higher than the configured threshold, then that file is considered as malware.
Protocols

HTTP

Enable this option to inspect advanced anti-malware (AAMW) files downloaded by hosts through HTTP protocol. The AAMW files are then submitted to Juniper ATP Cloud for malware screening.

Inspection profile

Select a Juniper Advanced Threat Prevention (ATP) Cloud profile name form the list. The ATP Cloud profile defines the types of files to scan.

To view the default and other inspection profiles on Juniper Secure Edge, your device must be enrolled with Juniper ATP Cloud.

Action

Select Permit or Block action from the list based on the known verdict of the detected malware.

Action (unknown verdict)

Select Permit or Block action from the list based on the detected malware having a verdict of “unknown.”

Client Notification

Select one of the following options to permit or block actions based on detected malware:

  • None

  • Redirect URL—Enter HTTP URL redirection for a customized client notification based on detected malware with the block action.

  • Redirect message—Enter the message for a customized client notification based on detected malware with the block action.

    Range: 1 through 1023

Log files that meet verdict threshold

Click the toggle button to create a log entry when attempting to download a file that meets the verdict threshold.
Additional Logging

Files below verdict threshold

Enable this option to create a log entry when attempting to download a file that is below the verdict threshold.

Blocklist hits

Enable this option to create a log entry when attempting to download a file from a site listed in the blocklist file.

Allowlist hits

Enable this option to create a log entry when attempting to download a file from a site listed in the allowlist file.