
September, 2019 Release

New and Changed Features: September, 2019

Automatically Expire Blocked Hosts

In the Juniper Sky ATP Web UI, you can navigate to Configure > Global Configuration > Infected Hosts to set an expiration time, based on IP address and threat level, for hosts marked as infected. After the designated time frame, all hosts or a range of IP addresses are no longer blocked. This is useful if your network allocates new IP addresses on a regular schedule using DHCP.

[See Global Configuration for Infected Hosts.]

Enhanced Static Detection of IoT Malware

The ELF (Executable and Linkable Format) file type is now supported for static analysis using machine learning and is automatically included in the Executable category under File Inspection Profiles.

Alternative Enrollment Procedure

Starting in Junos OS Release 19.3R1, there is an alternative onboarding procedure you can use to perform all enrollment steps using the CLI on the SRX Series device without having to access the Sky ATP Web Portal. Run the “request services advanced-anti-malware enroll” command on the SRX Series device to begin the process. Both the original enrollment process that obtains an op script from the Web Portal and the new CLI-only enroll process are valid procedures. Use either one.

[See Global Configuration for Infected Hosts.]

Block File with Unknown Verdict and Send User Notification on Block

Starting in Junos OS Release 19.3R1, for advanced anti-malware policies, you can now block a file when the verdict is unknown. You can also send a user notification when a block occurs. We’ve introduced the following new commands (for example): “set services advanced-anti-malware policy p1 http file-verdict-unknown (block|permit)” and “set services advanced-anti-malware policy p1 http client-notify (message|file|redirect-URL)”.

[See Enrolling an SRX Series Device without the Juniper ATP Cloud Web Portal.]

Resolved Issues

September 2020

There are no resolved issues in this release for Juniper ATP Cloud.

June 2020

  • SATP-473 – Since Ransomware Tracker is deprecated, ransomware tracker IP feeds are not supported on Juniper Sky ATP. The option to enable these feeds has been removed from Juniper Sky ATP UI. If you had enabled the Ransomware Tracker feed earlier, you might stop receiving this feed.

  • SATP-117 – Unable to search devices on Realm Management page.

September 2019

  • PR 1457400 and PR 1456736 – Host in infected hosts feed was being auto-resolved and removed from feed with no manual intervention.

July 2019

  • PR1352313 – The Juniper Sky ATP Web Portal does not display the OS version and device name for vSRX.

December 2018

  • PR1402190 – IPv6 addresses were not being correctly added to blacklist feeds.

  • PR1351544 – Tool tips for third party feeds were not appearing when clicking on the “?” in the Sky ATP Web UI.

  • PR1356443 – The modify profile screen contained errors in the file categories description.

  • PR1380649 – The command and control server details page duplicated the threat summary, total hits, protocols & ports fields when clicking on the time range links.

November 2018

  • PR1383886 – In some instances, malicious SMTP attachments were not detected correctly.

  • PR1367466 – With X-Forwarded-For (XFF) enabled on the proxy server, Sky ATP populated the portal with the proxy IP address instead of the host IP address.