File Inspection Profiles Overview
Access this page from Configure > File Inspection Management> Profiles.
Juniper ATP Cloud profiles let you define which files to send to the cloud for inspection. You can group types of files to be scanned together (such as .tar, .exe, and .java) under a common name and create multiple profiles based on the content you want scanned. Then enter the profile names on eligible SRX Series Firewalls to apply them.
Benefits of File Inspection Profiles
Allows you to create file categories to send to the cloud for scanning rather than having to list every single type of file you want scanned.
Allows you to configure multiple scanning categories based on file type, adding and removing file types when necessary, increasing or decreasing granularity.
Category |
Description |
File Types |
---|---|---|
Archive |
Archive files |
.zip, .rar, .tar, .gzip |
Configuration |
Configuration files |
.inf, .ini, .lnk, .reg, .plist |
Document |
All document types except PDFs |
.chm, .doc, .docx, .dotx, .hta, .html, .pot, .ppa, .pps, .ppt, .pptsm, .pptx, .ps, .rtf, .txt, .xlsx, .xml, .xsl, .xslt |
Executable |
Executable binaries |
.bin, .com, .dat, .exe, .msi, .msm, .mst |
ELF |
Executable and Linkable Format (ELF) is a standard file format for executable files, object code, and libraries. |
|
Java |
Java applications, archives, and libraries |
.class, .ear, .jar, .war |
Library |
Dynamic and static libraries and kernel modules |
.a, .dll, .kext, .ko, .o, .so, .ocx |
Mobile |
Mobile formats |
.apk, .ipa |
OS package |
OS-specific update applications |
.deb, .dmg |
|
PDF, e-mail, and MBOX files |
.email, .mbox, .pdf, .pdfa |
Rich Application |
Installable Internet Applications such as Adobe Flash, JavaFX, Microsoft Silverlight |
.swf, .xap, .xbap |
Script |
Scripting files |
.bat, .js, .pl, .ps1, .py, .sct, .sh, .tcl, .vbs, plsm, pyc, pyo |
You can also define the maximum file size requirement per each category to send to the cloud. If a file falls outside of the maximum file size limit the file is automatically downloaded to the client system.
Once the profile is created, use the set services advanced-anti-malware policy CLI command to associate it with the Juniper ATP Cloud profile.
If you are using the free or basic model of Juniper ATP Cloud, you are limited to only the executable file category.
The ELF file types support both static analysis and dynamic analysis.
Juniper ATP Cloud periodically polls for new and updated content and automatically downloads it to your SRX Series Firewall. There is no need to manually push your profile.
To verify your updates are on your SRX Series Firewalls, enter the following CLI command:
show services advanced-anti-malware profile
You can compare the version numbers or the contents to verify your profile is current.
Advanced Anti-malware inspection profile:
Profile Name:default_profile
version: 1443769434
disabled_file_types:
{ ...
If you do not see your updates, wait a few minutes and try the command again. You might be outside the Juniper ATP Cloud polling period.
Once the profile is created, use the set services advanced-anti-malware
policy
CLI command to associate the Juniper ATP Cloud profile
with the Juniper ATP Cloud policy.