
show services advanced-anti-malware statistics

Syntax

Description

Displays Juniper Advanced Threat Prevention Cloud statistics, such as the total number of sessions processed and the number of sessions blocked because they contained malware or because the contacted site was considered a C&C site. Use this command to get an overview of how much malware is being blocked on your site.

You can reset these statistics, for example when you change the Juniper Advanced Threat Prevention Cloud profile or policy, using the clear services advanced-anti-malware statistics command.

Required Privilege Level

View

Output Fields

Table 1 lists the output fields for the show services advanced-anti-malware statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show services advanced-anti-malware statistics Output Fields

Field Name

Field Description

Session interested

Number of sessions that match both the firewall policy and the Juniper Advanced Threat Prevention Cloud policy.

Session ignored

Total number of sessions where the traffic is not HTTP or HTTPS.

Session hit blocklist

Total number of sessions where the contacted server is on the Juniper ATP Cloud blocklist.

Session hit allowlist

Total number of sessions where the contacted server is on the Juniper ATP Cloud allowlist.

Session active

Number of current active sessions.

Session blocked

Number of sessions blocked for any reason.

Session permitted

Number of sessions permitted, such as those allowed through the allowlist. This is any session that is not blocked.

File submission success

Number of files successfully submitted to the Juniper ATP Cloud for inspection.

File submission failure

Number of files that were not submitted successfully to the Juniper ATP Cloud for inspection. This can happen when an error occurs while files are in the submission queue.

Number of files that were blocked due to signature match.

File submission not needed

Files not submitted to the Juniper ATP Cloud for inspection because they were below the minimum or above the maximum size, above the sample rate, or the submission was paused.

File verdict meets threshold

Number of files where the returned verdict is greater than or equal to the specified threshold.

File verdict under threshold

Number of files where the returned verdict is less than the specified threshold.

File fallback blocked

Number of files that were blocked due to a fallback condition.

File fallback permitted

Number of files permitted during a fallback condition.

File hit submission limit

Number of files that could not be submitted to the Juniper ATP Cloud because a rate limit fallback occurred.

Email processed

Total number of e-mail attachments sent to the Juniper ATP Cloud.

Email permitted

Total number of e-mails sent to their recipients.

Email blocked

Total number of e-mails blocked from being sent to their recipients.

Email tag-and-delivered

Number of e-mails delivered with warning headers attached. If you configured this option, headers are added to e-mails that most mail servers recognize and filter into Spam or Junk folders.

Email quarantined

Total number of e-mails quarantined due to their attachments containing malware.

Email fallback blocked

Total number of e-mails blocked from being sent to their recipient due to configured fallback settings.

Email fallback permitted

Total number of e-mails sent to their recipient due to configured fallback settings.

Email hit allowlist

E-mails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, and Body Receiver. If an e-mail matches the allowlist, that e-mail is allowed through without any scanning. If an e-mail matches the blocklist, it is considered to be malicious and is handled the same way as an e-mail with a malicious attachment.

Email hit blocklist

E-mails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, and Body Receiver. If an e-mail matches the allowlist, that e-mail is allowed through without any scanning. If an e-mail matches the blocklist, it is considered to be malicious and is handled the same way as an e-mail with a malicious attachment.
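
An added example (not from Juniper's documentation): a Python check that compares two snapshots of the Table 1 counters and reports growth in the fields the table ties to fallback conditions, failed submissions and the submission rate limit. The "Field name: value" line layout, the grouping of fields and the sample numbers are assumptions constructed for this example; a counter that drops is treated as reset by clear services advanced-anti-malware statistics.

```python
import re

# Field names come from Table 1. Grouping them this way is this example's choice.
PERMITTED_ON_FALLBACK = ("File fallback permitted", "Email fallback permitted")
INSPECTION_DEGRADED = ("File submission failure", "File hit submission limit",
                       "File fallback blocked", "Email fallback blocked")

# Assumed layout: one "Field name: <integer>" per line; other lines are skipped.
LINE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?):\s*(\d+)\s*$")

def parse_stats(text):
    """Return {field name: count} for every counter line in the output."""
    return {m.group(1): int(m.group(2))
            for m in map(LINE.match, text.splitlines()) if m}

def increase(prev, curr, name):
    """Growth of one counter between two snapshots. A value lower than the
    previous one means the statistics were cleared, so count from zero."""
    now, before = curr.get(name, 0), prev.get(name, 0)
    return now - before if now >= before else now

def findings(prev, curr):
    """List (category, field, increase) for watched counters that grew."""
    out = []
    for cat, names in (("permitted-on-fallback", PERMITTED_ON_FALLBACK),
                       ("inspection-degraded", INSPECTION_DEGRADED)):
        out += [(cat, n, increase(prev, curr, n)) for n in names
                if increase(prev, curr, n) > 0]
    return out

# Constructed sample snapshots (not output captured from a device).
PREV = parse_stats("""\
  Session interested:        3291
  File submission success:   640
  File submission failure:   3
  File fallback permitted:   5
  File hit submission limit: 0
  Email fallback permitted:  0
""")
CURR = parse_stats("""\
  Session interested:        3400
  File submission success:   650
  File submission failure:   3
  File fallback permitted:   9
  File hit submission limit: 2
  Email fallback permitted:  0
""")

if __name__ == "__main__":
    for category, field, grew in findings(PREV, CURR):
        print(f"{category}: {field} +{grew}")
```
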

Table 2 lists the output fields for the show services advanced-anti-malware malware-database-statistics command. Output fields are listed in the approximate order in which they appear.

Table 2: show services advanced-anti-malware malware-database-statistics Output Fields

Field Name

Field Description

Malware DB type

The malware signature database type. Currently only hot-db is supported.

Hot DB consists exclusively of signatures that are generated from files submitted to Juniper ATP Cloud from SRX Series Firewalls and various sources.

Total signatures

Total number of malware signatures at any given time.

Malware DB version

The signature database version.

Malware DB update time

The date and time when the malware signature database was last updated.

Malware scan statistics

File scanned

Total number of files scanned by the device.

Malware found

Total number of malware signature hits.

Malware blocked

Number of malware files blocked based on the action set for the malware signature.

The detected malware file is blocked immediately after the signature match. Full file submission to Juniper ATP Cloud is blocked. The SRX Series Firewall sends a notification of the malware hit event to Juniper ATP Cloud.

Malware permitted

Number of malware files permitted based on the action set for the malware signature.

Sample Output

show services advanced-anti-malware statistics

show services advanced-anti-malware malware-database-statistics

Shown below is an example that is applicable only for Firestorm customers.

Release Information

Command introduced in Junos OS Release 15.1X49-D33.