show services advanced-anti-malware policy

Syntax

Description

The connection to the Juniper Advanced Threat Prevention Cloud is launched on demand: it is established only when a condition is met and a file or URL must be sent to the cloud. The cloud inspects the file and returns a verdict number (1 through 10). A verdict number is a score or threat level; the higher the number, the higher the malware threat. The SRX Series Firewall compares this verdict number to the Juniper Advanced Threat Prevention Cloud policy settings and either permits or denies the session. If the session is denied, a reset packet is sent to the client and the packets are dropped from the server.

Juniper Advanced Threat Prevention Cloud policies append to the Junos OS security policies by defining the actions to take when a file is considered malware or when an attempt is made to download a file from a location that’s on a custom blocklist or allowlist.

Use this command for debugging purposes to verify the policy on the SRX Series Firewall. For example, if files are being downloaded that shouldn’t be, use this command to verify that the Juniper Advanced Threat Prevention Cloud policy settings are correct.

Options

policy policy-name

(Optional) Display information about the specified policy. If you do not specify a policy, basic information about all configured Juniper Advanced Threat Prevention Cloud policies is displayed.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services advanced-anti-malware policy command. Output fields are listed in the approximate order in which they appear.

Table 1: show services advanced-anti-malware policy Output Fields

| Field Name | Field Description |
|---|---|
| Policy Name | Name of the Juniper Advanced Threat Prevention Cloud policy. |
| Inspection-profile | Name of the Juniper Advanced Threat Prevention Cloud profile. The profile determines which file types should be sent to the Juniper Advanced Threat Prevention Cloud service. |
| Protocols | Juniper Networks supports HTTP, HTTPS, SMTP, SMTPS, IMAP, IMAPS, and SMB protocols. |
| Verdict-threshold | The threshold determines when a file is considered malware. If the cloud service returns a file verdict higher than this threshold, then that file is considered malware. |
| Action | The action to take, permit or block, when the cloud service reports a file verdict that is higher than the threshold. |
| Notification | The notification action, log or no log, when a file verdict is higher than the threshold. |
| Default-notification | The notification action, log or no log, when a file verdict is lower than the threshold. |
| Whitelist-notification | The notification action, log or no log, when a client attempts to access a hostname, IP address or URL that matches an entry in the allowlist. |
| Blocklist-notification | The notification action, log or no log, when a client attempts to access a hostname, IP address or URL that matches an entry in the blocklist. |
| Fallback Options | The actions to take, permit or block and log or no log, when resources are out of limits or when error conditions occur. For example, when the connection to the cloud is broken. |
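The following is an added example, not Juniper code or device output. It models how the fields above combine into a per-file decision and flags settings that would explain files getting through. The Policy class, the "no-log" spelling, the sample policies, and the rule that a file at or below the threshold is permitted are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

VERDICT_MAX = 10  # the cloud returns verdicts 1 through 10

@dataclass
class Policy:  # hypothetical container; attributes mirror the output fields
    name: str
    verdict_threshold: int
    action: str                 # "permit" or "block"
    notification: str           # "log" or "no-log" (constructed spelling)
    default_notification: str
    fallback_action: str
    fallback_notification: str

def evaluate(p: Policy, verdict: Optional[int]) -> Tuple[str, bool]:
    """Return (action, logged). verdict=None models an error condition,
    such as a broken cloud connection, where Fallback Options apply."""
    if verdict is None:
        return p.fallback_action, p.fallback_notification == "log"
    if not 1 <= verdict <= VERDICT_MAX:
        raise ValueError(f"verdict out of range: {verdict}")
    if verdict > p.verdict_threshold:      # strictly higher means malware
        return p.action, p.notification == "log"
    # Assumption: a file at or below the threshold is permitted.
    return "permit", p.default_notification == "log"

def audit(p: Policy) -> List[str]:
    """List settings that would let malware through or leave no trace."""
    findings = []
    if p.verdict_threshold >= VERDICT_MAX:
        findings.append("threshold >= 10: no verdict can exceed it")
    if p.action != "block":
        findings.append("action permits files above the threshold")
    if p.notification != "log":
        findings.append("malware verdicts are not logged")
    if p.fallback_action == "permit" and p.fallback_notification != "log":
        findings.append("fallback permits silently on cloud errors")
    return findings

# Constructed sample policies, not output captured from a device.
STRICT = Policy("strict", 6, "block", "log", "no-log", "block", "log")
LOOSE = Policy("loose", 10, "block", "no-log", "no-log", "permit", "no-log")

if __name__ == "__main__":
    for pol in (STRICT, LOOSE):
        print(pol.name, [evaluate(pol, v) for v in (6, 7, 10, None)], audit(pol))
```

With the constructed "loose" policy, a verdict of 10 is still permitted because nothing can be higher than a threshold of 10, even though the action is block.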

Sample Output

show services advanced-anti-malware policy

Release Information

Command introduced in Junos OS Release 15.1X49-D33.