September, 2019 Release

Automatically Expire Blocked Hosts

In the Juniper Sky ATP Web UI, you can navigate to Configure>Global Configuration>Infected Hosts to set an expiration time, based on IP address and threat level, for hosts marked as infected. After the designated time-frame, all hosts or a range of IP addresses are no longer blocked. This is useful if your network allocates new IP addresses on a regular schedule using DHCP.

[See Configuration for Infected Hosts.]

Enhanced Static Detection of IOT Malware

The ELF (Executable and Linkable Format) file type is now supported for static analysis using machine learning and is automatically included in the Executable category under File Inspection Profiles.

Alternative Enrollment Procedure

Starting in Junos OS Release 19.3R1, there is now an alternative onboarding procedure you can use to perform all enrollment steps using the CLI on the SRX Series Firewall without having to access the Sky ATP Web Portal. Run the “request services advanced-anti- malware enroll” command on the SRX Series device to begin the process. Both the original enrollment process that obtains an op script from the Web Portal and the new CLI-only enroll process are valid procedures. Use either one.

[See Configuration for Infected Hosts.]

Block File with Unknown Verdict and Send User Notification on Block

Starting in Junos OS Release 19.3R1, for advanced anti-malware policies, you can now block a file when the verdict is unknown. You can also send a user notification when a block occurs. We’ve introduced the following new commands (for example): “set services advanced-anti-malware policy p1 http file-verdict-unknown (block|permit)” and “set services advanced-anti-malware policy p1 http client-notify (message|file|redirect-URL)”.

[See Enroll an SRX Series Firewall with the CLI.]