September, 2019 Release
New and Changed Features: September, 2019
- Automatically Expire Blocked Hosts
- Enhanced Static Detection of IOT Malware
- Alternative Enrollment Procedure
- Block File with Unknown Verdict and Send User Notification on Block
Automatically Expire Blocked Hosts
In the Juniper Sky ATP Web UI, you can navigate to Configure > Global Configuration > Infected Hosts to set an expiration time, based on IP address and threat level, for hosts marked as infected. After the designated time frame, all hosts or a range of IP addresses are no longer blocked. This is useful if your network allocates new IP addresses on a regular schedule using DHCP.
Enhanced Static Detection of IOT Malware
The ELF (Executable and Linkable Format) file type is now supported for static analysis using machine learning and is automatically included in the Executable category under File Inspection Profiles.
Alternative Enrollment Procedure
Starting in Junos OS Release 19.3R1, there is now an alternative onboarding procedure you can use to perform all enrollment steps using the CLI on the SRX Series Firewall without having to access the Sky ATP Web Portal. Run the “request services advanced-anti-malware enroll” command on the SRX Series device to begin the process. Both the original enrollment process that obtains an op script from the Web Portal and the new CLI-only enroll process are valid procedures. Use either one.
Block File with Unknown Verdict and Send User Notification on Block
Starting in Junos OS Release 19.3R1, for advanced anti-malware policies, you can now block a file when the verdict is unknown. You can also send a user notification when a block occurs. We’ve introduced the following new commands, shown here as examples: “set services advanced-anti-malware policy p1 http file-verdict-unknown (block|permit)” and “set services advanced-anti-malware policy p1 http client-notify (message|file|redirect-URL)”.