Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
  - Network Security ManagerModern Security Management for today’s security landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

Capture Advanced Threat Protection Feature Overview

02/17/2021 1949 25084

DESCRIPTION:

SonicWall Capture ATP is a cloud sandbox service for detecting and blocking zero-day threats at the gateway.

SonicWall Capture ATP offers:

Multiple threat engines for better threat detection
Broad file type analysis and operation system (OS) support
All GAV protocols are supported
HTTPS is supported (requires DPI-SSL)
Block until Verdict option at the gateway
Rapid deployment of remediation signatures
Extensive reporting and alerts

NOTE: To utilize Capture ATP you must be running at least SonicOS Firmware version 6.2.6.1. This Firmware is only available on Generation 6 Appliances.

RESOLUTION:

Capture Advance Threat Protection (Capture ATP) Overview:

The SonicWall Capture ATP solution is available in SonicOS 6.2.6.x and above.

Capture ATP helps SonicWall firewall identify whether a file is a virus or not by transmitting the file to the Cloud where the SonicWall Capture ATP cloud service analyzes the file to determine if it is a virus and it then sends the results to the SonicWall firewall. This process is done in real time while the file is being processed by the SonicWall firewall. Capture ATP uses the UFTP protocol to transfer the file. UFTP stand for User Datagram Protocol (UDP) File Transfer Protocol (FTP).

The Capture ATP process of a SonicWall firewall communicating with the SonicWall Capture ATP cloud service involves six major steps:

The SonicWall firewall sends the file to SonicWall Capture ATP cloud services.
The SonicWall Capture ATP cloud services saves the file in its repository.
SonicWall Capture ATP cloud services reads and analyzes the file.
SonicWall Capture ATP cloud services. stores the results in the SonicWall Capture ATP cloud services database.
SonicWall Capture ATP cloud services access the SonicWall Capture ATP cloud services database.
SonicWall Capture ATP cloud services sends results to the SonicWall firewall.

The firewall is located in the customer premises. The SonicWall Capture ATP cloud services and database. are located at a SonicWall facility.

The FQDN of the SonicWall Capture ATP cloud services is resolved by the SonicWall firewall periodically. This FQDN is also resolved anytime it is changed by the License Manager.

With Capture ATP you get the ability to securely inspect, classify, and manage the following file types

Executables (PE, Mach-O, and DMG)
PDF
Office 97-2003 file types (.doc , .xls ,...)
Office (.docs , .xlsx ,...)
Archives ( .jar, .apk, .rar, .gz, and .zip)

NOTE: By default only the checkbox for Executables is selected, other file types must be manually selected.

SonicWall firewall send a files using Encrypted UDP File Transfer Protocol (UFTP)

UFTP Protocol benefits

Data Encryption of UDP traffic
Packet loss detection, correction and retransmissions
Can manage data duplication and unrecoverable errors

SonicWall Capture ATP support all Gateway Anti-Virus (GAV) protocols

HTTP
HTTPS (requires DPI-SSL)
FTP
SMTP
POP
IMAP
CIFS/NetBIOS
TCP

SonicWall Capture ATP's file Blocking Behavior

Allows two options:

Allow all files (this is the default options)

The allow all files options is less secure. You will get an alert if the files has been determined to be malicious after the files has been allowed on your network.

Block all files until a verdict is returned

This option is more secure, but can slow down the download of some legitimate files. This option may require the users to retry the download.
This option only applies to HTTP and HTTPS file downloads.

You can also Upload files directly to SonicWall Capture Cloud Services

Files can be uploaded to SonicWall Capture Cloud Services via the SonicWall User Interface

Navigate to Capture ATP | Status page and click Upload box for Upload a file to be scanned dialog box.
Browse and select a file, click the Upload button to send.

Capture ATP reports and alerts

Navigate to Capture ATP | Status.
Tracks files scanned in the last 30 days.
Detail list of scanned files.
The following shows an example list of files scanned.
EXAMPLE: If the file scanned is reported as Malicious, it is highlighted in RED.
Click on a file scanned for details:
EXAMPLE: Clicking on a a file that was reported as malicious.

EXAMPLE: For a file that was not reported as malicious.

Was This Article Helpful?

Yes No

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time at Manage Subscriptions.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Phone
This field is for validation purposes and should be left unchanged.

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Advanced Threat Protection Feature Overview

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

Capture Advanced Threat Protection Feature Overview

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch