Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

File Inspection Profiles Overview

Access this page from Configure > File Inspection Management> Profiles.

Juniper ATP Cloud profiles let you define which files to send to the cloud for inspection. You can group types of files to be scanned together (such as .tar, .exe, and .java) under a common name and create multiple profiles based on the content you want scanned. Then enter the profile names on eligible SRX Series Firewalls to apply them.

Benefits of File Inspection Profiles

  • Allows you to create file categories to send to the cloud for scanning rather than having to list every single type of file you want scanned.

  • Allows you to configure multiple scanning categories based on file type, adding and removing file types when necessary, increasing or decreasing granularity.

Table 1: File Category Contents

Category

Description

File Types

Archive

Archive files

.zip, .rar, .tar, .gzip

Configuration

Configuration files

.inf, .ini, .lnk, .reg, .plist

Document

All document types except PDFs

.chm, .doc, .docx, .dotx, .hta, .html, .pot, .ppa, .pps, .ppt, .pptsm, .pptx, .ps, .rtf, .txt, .xlsx, .xml, .xsl, .xslt

Executable

Executable binaries

.bin, .com, .dat, .exe, .msi, .msm, .mst

ELF

Executable and Linkable Format (ELF) is a standard file format for executable files, object code, and libraries.

 

Java

Java applications, archives, and libraries

.class, .ear, .jar, .war

Library

Dynamic and static libraries and kernel modules

.a, .dll, .kext, .ko, .o, .so, .ocx

Mobile

Mobile formats

.apk, .ipa

OS package

OS-specific update applications

.deb, .dmg

PDF

PDF, e-mail, and MBOX files

.email, .mbox, .pdf, .pdfa

Rich Application

Installable Internet Applications such as Adobe Flash, JavaFX, Microsoft Silverlight

.swf, .xap, .xbap

Script

Scripting files

.bat, .js, .pl, .ps1, .py, .sct, .sh, .tcl, .vbs, plsm, pyc, pyo

You can also define the maximum file size requirement per each category to send to the cloud. If a file falls outside of the maximum file size limit the file is automatically downloaded to the client system.

Note:

Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate it with the Juniper ATP Cloud profile.

Note:

If you are using the free or basic model of Juniper ATP Cloud, you are limited to only the executable file category.

Note:

The ELF file types support both static analysis and dynamic analysis.

Juniper ATP Cloud periodically polls for new and updated content and automatically downloads it to your SRX Series Firewall. There is no need to manually push your profile.

To verify your updates are on your SRX Series Firewalls, enter the following CLI command:

You can compare the version numbers or the contents to verify your profile is current.

Advanced Anti-malware inspection profile: Profile Name:default_profile version: 1443769434 disabled_file_types: { ...

If you do not see your updates, wait a few minutes and try the command again. You might be outside the Juniper ATP Cloud polling period.

Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate the Juniper ATP Cloud profile with the Juniper ATP Cloud policy.