SMB File Download Overview

Access the SMB File Download page from the Monitor > Files > SMB File Downloads menu.

The Server Message Block (SMB) protocol enables applications or users to access files and other resources on a remote server.

Benefits of viewing SMB File Downloads

Allows you to view a compiled list of suspicious downloaded files all in one place, including the signature, threat level, URL, and malware type.
Allows you to filter the list of downloaded files by individual categories.

Export Data—Click the Export button to download file scanning data to a CSV file. You are prompted to narrow the data download to a selected time-frame.

The following information is available on this page.

Table 1: SMB Scanning Data Fields
Field	Definition
Detection Engine	Displays the name of the detection engines with the highest confidence in threat detection. For more information, see Table 2. Other detection engines can also reach the same verdict.
Signature ID / SHA-256	If applicable, the Signature ID uniquely identifies the signature that is triggered for this detection; otherwise, the SHA-256 file hash is displayed. If a full file is uploaded to the Juniper ATP Cloud, a hash of the file is displayed in this column. If the file is blocked and the transfer is interrupted on the SRX Series Firewall, a Signature ID is displayed.
Threat Level	The threat score.
Filename	The name of the file, including the extension.
Last Submitted	The time and date of the most recent scan of this file.
URL	The URL from which the file originated.
Malware	The name of file and the type of threat if the verdict is positive for malware. Examples: Trojan, Application, Adware. If the file is not malware, the verdict is "clean."
Category	The type of file. Examples: PDF, executable, document.

SMB File Download Overview

Related Documentation