Junos CLI Reference

show services advanced-anti-malware statistics

19-Nov-23

Syntax

show services advanced-anti-malware statistics
show services advanced-anti-malware malware-db-statistics

Description

Displays Juniper Advanced Threat Prevention Cloud statistics, such as the total number of sessions processed and the number of sessions blocked because they contained malware or involved sites considered to be C&C sites. Use this command to get an overview of how much malware is being blocked on your site.

You can reset these statistics, for example when you change the Juniper Advanced Threat Prevention Cloud profile or policy, using the clear services advanced-anti-malware statistics command.

Required Privilege Level

View

Output Fields

Table 1 lists the output fields for the show services advanced-anti-malware statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show services advanced-anti-malware statistics Output Fields

| Field Name | Field Description |
|---|---|
| Session interested | Number of sessions that match both the firewall policy and the Juniper Advanced Threat Prevention Cloud policy. |
| Session ignored | Total number of sessions where the traffic is not HTTP or HTTPS. |
| Session hit blocklist | Total number of sessions where the contacted server is on the Juniper ATP Cloud blocklist. |
| Session hit allowlist | Total number of sessions where the contacted server is on the Juniper ATP Cloud allowlist. |
| Session active | Number of current active sessions. |
| Session blocked | Number of sessions blocked for any reason. |
| Session permitted | Number of sessions permitted, for example those allowed through the allowlist; that is, any session that is not blocked. |
| File submission success | Number of files successfully submitted to the Juniper ATP Cloud for inspection. |
| File submission failure | Number of files that were not submitted successfully to the Juniper ATP Cloud for inspection. This can happen when an error occurs while files are in the submission queue. |
| | Number of files that were blocked due to signature match. |
| File submission not needed | Files not submitted to the Juniper ATP Cloud for inspection because they were below the minimum or above the maximum size, above the sample rate, or because the submission was paused. |
| File verdict meets threshold | Number of files where the returned verdict is greater than or equal to the specified threshold. |
| File verdict under threshold | Number of files where the returned verdict is less than the specified threshold. |
| File fallback blocked | Number of files that were blocked due to a fallback condition. |
| File fallback permitted | Number of files permitted during a fallback condition. |
| File hit submission limit | Number of files that could not be submitted to the Juniper ATP Cloud because a rate limit fallback occurred. |
| Email processed | Total number of e-mail attachments sent to the Juniper ATP Cloud. |
| Email permitted | Total number of e-mails sent to their recipients. |
| Email blocked | Total number of e-mails blocked from being sent to their recipients. |
| Email tag-and-delivered | Number of e-mails delivered with warning headers attached. If you configured this option, headers are added to e-mails that most mail servers recognize and filter into Spam or Junk folders. |
| Email quarantined | Total number of e-mails quarantined due to their attachments containing malware. |
| Email fallback blocked | Total number of e-mails blocked from being sent to their recipient due to configured fallback settings. |
| Email fallback permitted | Total number of e-mails sent to their recipient due to configured fallback settings. |
| Email hit allowlist | E-mails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, Body Receiver. If an e-mail matches the allowlist, that e-mail is allowed through without any scanning. If an e-mail matches the blocklist, it is considered to be malicious and is handled the same way as an e-mail with a malicious attachment. |
| Email hit blocklist | E-mails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, Body Receiver. If an e-mail matches the allowlist, that e-mail is allowed through without any scanning. If an e-mail matches the blocklist, it is considered to be malicious and is handled the same way as an e-mail with a malicious attachment. |

Table 2 lists the output fields for the show services advanced-anti-malware malware-database-statistics command. Output fields are listed in the approximate order in which they appear.

Table 2: show services advanced-anti-malware malware-database-statistics Output Fields

| Field Name | Field Description |
|---|---|
| Malware DB type | The malware signature database type. Currently only hot-db is supported. Hot DB consists exclusively of signatures that are generated from files submitted to Juniper ATP Cloud from SRX Series Firewalls and various sources. |
| Total signatures | Total number of malware signatures at any given time. |
| Malware DB version | The signature database version. |
| Malware DB update time | The date and time when the malware signature database was last updated. |
| Malware scan statistics | |
| File scanned | Total number of files scanned by the device. |
| Malware found | Total number of malware signature hits. |
| Malware blocked | Number of malware files blocked based on the action set for the malware signature. The detected malware file is blocked immediately after the signature match. Full file submission to Juniper ATP Cloud is blocked. The SRX Series Firewall shares a notification of the malware hit event with Juniper ATP Cloud. |
| Malware permitted | Number of malware files permitted based on the action set for the malware signature. |

Sample Output

show services advanced-anti-malware statistics

user@host> show services advanced-anti-malware statistics 
Advanced-anti-malware session statistics:
  Session interested:    4
  Session ignored:       0
  Session hit blacklist: 0
  Session hit whitelist: 0
                         Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  Session active:        0          0          0          0          0          0          0         0
  Session blocked:       3          1          0          0          0          1          0         1
  Session permitted:     1          0          0          1          0          0          0         0

Advanced-anti-malware file statistics:
                                Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  File submission success:      1          0          0          1          0          0          0         0
  File submission failure:      3          1          0          0          0          1          0         1
  File submission not needed:   0          0          0          0          0          0          0         0
  File verdict meets threshold: 4          1          0          1          0          1          0         1
  File verdict under threshold: 0          0          0          0          0          0          0         0
  File fallback blocked:        0          0          0          0          0          0          0         0
  File fallback permitted:      0          0          0          0          0          0          0         0
  File hit submission limit:    0          0          0          0          0          0          0         0

Advanced-anti-malware file hash statistics:
                                Total      HTTP       HTTPS
  File hash eligible samples:   0          0          0
  File hash selected samples:   0          0          0
  File hash submitted samples:  0          0          0
  File hash failed samples:     0          0          0
  File hash known samples:      0          0          0
  File hash unknown samples:    0          0          0
  File hash verdict timeout:    0          0          0

Advanced-anti-malware email statistics:
                            Total      SMTP       SMTPS      IMAP       IMAPS
  Email processed:          2          1          0          1          0
  Email permitted:          1          1          0          0          0
  Email blocked:            1          0          0          1          0
  Email tag-and-delivered:  0          0          0          0          0
  Email quarantined:        0          0          0          0          0
  Email fallback blocked:   0          0          0          0          0
  Email fallback permitted: 0          0          0          0          0
  Email hit whitelist:      0          0          0          0          0
  Email hit blacklist:      0          0          0          0          0
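
Added example (not part of the Juniper documentation): a Python parser for the statistics output shown above. It turns the per-protocol counters into a dictionary and lists the nonzero counters for files that were not submitted to ATP Cloud or were handled by a fallback setting. The function names and the choice of counters to review are assumptions of this example; the embedded text is an excerpt of the page's sample output.

```python
# Excerpt of the page's sample output, embedded so the example runs offline.
SAMPLE = """\
Advanced-anti-malware session statistics:
  Session interested:    4
  Session hit blacklist: 0
                         Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  Session blocked:       3          1          0          0          0          1          0         1
  Session permitted:     1          0          0          1          0          0          0         0

Advanced-anti-malware file statistics:
                                Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  File submission success:      1          0          0          1          0          0          0         0
  File submission failure:      3          1          0          0          0          1          0         1
  File fallback permitted:      0          0          0          0          0          0          0         0
  File hit submission limit:    0          0          0          0          0          0          0         0
"""

# Counters where a file was not submitted to ATP Cloud or was handled by a
# fallback setting (per the field table); which ones to review is an assumption.
REVIEW = ("File submission failure", "File fallback permitted",
          "File hit submission limit")

def parse_stats(text):
    """Return {section: {field: int | str | {column: int}}} from the CLI output."""
    stats, section, columns = {}, None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = section title
            section, columns = line.strip().rstrip(":"), []
            stats[section] = {}
        elif ":" not in line:                 # indented, no colon = column header
            columns = line.split()
        elif section is not None:
            name, _, rest = line.strip().partition(":")
            tokens = rest.split()
            if tokens and all(t.isdigit() for t in tokens):
                values = [int(t) for t in tokens]
                # One value is a plain counter; several map onto the header columns.
                stats[section][name] = values[0] if len(values) == 1 else dict(zip(columns, values))
            else:
                stats[section][name] = rest.strip()   # non-numeric value kept as text
    return stats

def review_items(stats):
    """List (field, protocol, count) for nonzero per-protocol REVIEW counters."""
    files = stats.get("Advanced-anti-malware file statistics", {})
    return [(f, proto, n) for f in REVIEW if isinstance(files.get(f), dict)
            for proto, n in files[f].items() if proto != "Total" and n > 0]
```

Calling review_items(parse_stats(SAMPLE)) reports the HTTP, IMAP and SMB submission failures from the sample, one entry per protocol.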

show services advanced-anti-malware malware-database-statistics

user@host>show services advanced-anti-malware malware-database-statistics
Malware scan statistics:
  Malware DB type: hot_db
  Total signatures: 1168
  Malware DB version: 1632950572
  Malware DB update time: 2021-09-29 14:24:56 PDT
                     Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  File scanned:      4          1          0          1          0          1          0         1
  Malware found:     4          1          0          1          0          1          0         1
  Malware blocked:   3          1          0          0          0          1          0         1
  Malware permitted: 1          0          0          1          0          0          0         0

The following example applies only to Firestorm customers.

user@host>show services advanced-anti-malware malware-database-statistics
Malware scan statistics:
  Malware DB type: full_db
  Total signatures: 47971
  Malware DB version: 1674475590
  Malware DB update time: 2023-01-23 04:12:15 PST
                     Total      HTTP       HTTPS      SMTP       SMTPS      IMAP       IMAPS     SMB
  File scanned:      2          2          0          0          0          0          0         1
  Malware found:     1          1          0          0          0          0          0         1
  Malware blocked:   0          0          0          0          0          0          0         1
  Malware permitted: 1          1          0          0          0          0          0         0

Release Information

Command introduced in Junos OS Release 15.1X49-D33.
