Capture Advanced Threat Protection Feature Overview

12/24/2021


    Description

    SonicWall Capture ATP is a cloud sandbox service for detecting and blocking zero-day threats at the gateway.

    SonicWall Capture ATP offers:

    • Multiple threat engines for better threat detection
    • Broad file type analysis and operating system (OS) support
    • All GAV protocols are supported
    • HTTPS is supported (requires DPI-SSL)
    • Block until Verdict option at the gateway
    • Rapid deployment of remediation signatures
    • Extensive reporting and alerts

    NOTE: To utilize Capture ATP you must be running at least SonicOS Firmware version 6.2.6.x. This Firmware is only available on Generation 6 Appliances.

    Resolution

    Resolution for SonicOS 7.X

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.




    Capture Advanced Threat Protection (Capture ATP) Overview:

    Capture ATP helps the SonicWall firewall identify whether a file is a virus by transmitting the file to the cloud, where the SonicWall Capture ATP cloud service analyzes the file and then sends the result back to the SonicWall firewall. This is done in real time while the file is being processed by the SonicWall firewall. Capture ATP uses the UFTP protocol to transfer the file. UFTP stands for User Datagram Protocol (UDP) File Transfer Protocol (FTP).

    The Capture ATP process of a SonicWall firewall communicating with the SonicWall Capture ATP cloud service involves six major steps:

    1. The SonicWall firewall sends the file to SonicWall Capture ATP cloud services.
    2. The SonicWall Capture ATP cloud services saves the file in its repository.
    3. SonicWall Capture ATP cloud services reads and analyzes the file.
    4. SonicWall Capture ATP cloud services stores the results in the SonicWall Capture ATP cloud services database.
    5. SonicWall Capture ATP cloud services accesses the SonicWall Capture ATP cloud services database.
    6. SonicWall Capture ATP cloud services sends results to the SonicWall firewall.

    The firewall is located on the customer premises. The SonicWall Capture ATP cloud services and database are located at a SonicWall facility.

    The FQDN of the SonicWall Capture ATP cloud services is resolved by the SonicWall firewall periodically. This FQDN is also resolved anytime it is changed by the License Manager.

    With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:

    • Executables (PE, Mach-O, and DMG)
    • PDF
    • Office 97-2003 (.doc, .xls, etc.)
    • Office (.docx, .xlsx, etc.)
    • Archives (.jar, .apk, .rar, .bz2, .bzip2, .7z, .xz, .gz, and .zip)

     NOTE: By default none of the checkboxes for file types is selected. Required file types must be manually selected.
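
    An added example, not SonicWall code: a small audit helper that sorts files into the categories listed above by their published magic numbers and reports which of them fall under the categories an administrator has selected. The names `classify`, `coverage` and the sample files are hypothetical, and "eligible" means only that the file's category is selected, not that the firewall would identify the file the same way.

```python
import io
import zipfile

# Category names follow the file-type list on this page. The byte signatures
# are the formats' published magic numbers, not SonicWall's detection logic.
MAGIC = {
    "Executables": (b"MZ",                                     # PE
                    b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # Mach-O
                    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"), # Mach-O, swapped
    "PDF": (b"%PDF-",),
    "Office 97-2003": (bytes.fromhex("d0cf11e0a1b11ae1"),),    # OLE2 compound file
    "Archives": (b"Rar!\x1a\x07", b"BZh", b"7z\xbc\xaf\x27\x1c",  # rar, bz2, 7z
                 b"\xfd7zXZ\x00", b"\x1f\x8b"),                   # xz, gz
}


def classify(data):
    """Return the page's category for a file's bytes, or None if unlisted."""
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "Archives"  # damaged ZIP: fall back to the header alone
        # OOXML (.docx, .xlsx) is a ZIP with [Content_Types].xml at its root;
        # .jar and .apk are ZIPs too and stay under Archives, as on the page.
        return "Office" if "[Content_Types].xml" in names else "Archives"
    # A DMG (UDIF) image ends with a 512-byte trailer beginning "koly".
    if len(data) >= 512 and data[-512:-508] == b"koly":
        return "Executables"
    for category, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return category
    return None


def coverage(samples, enabled):
    """Map each sample name to 'eligible', 'not selected' or 'unsupported'."""
    result = {}
    for name, data in samples.items():
        category = classify(data)
        if category is None:
            result[name] = "unsupported"
        else:
            result[name] = "eligible" if category in enabled else "not selected"
    return result


def constructed_samples():
    """Constructed sample files: headers only, no real content."""
    def make_zip(*names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, "x")
        return buf.getvalue()
    return {
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "invoice.pdf": b"%PDF-1.7\n",
        "legacy.doc": bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 8,
        "report.docx": make_zip("[Content_Types].xml", "word/document.xml"),
        "bundle.zip": make_zip("readme.txt"),
        "notes.txt": b"plain text",
    }


if __name__ == "__main__":
    for name, status in coverage(constructed_samples(), set()).items():
        print(f"{name}: {status}")
```

    With an empty selection, which is the default state the note above describes, no sample is reported as eligible.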
     

    SonicWall firewall sends a file using Encrypted UDP File Transfer Protocol (UFTP)

    UFTP Protocol benefits

    • Data Encryption of UDP traffic
    • Packet loss detection, correction and retransmissions
    • Can manage data duplication and unrecoverable errors


    SonicWall Capture ATP supports all Gateway Anti-Virus (GAV) protocols

    • HTTP
    • HTTPS (requires DPI-SSL)
    • FTP
    • SMTP
    • POP
    • IMAP
    • CIFS/NetBIOS
    • TCP


    SonicWall Capture ATP's file Blocking Behavior

    Allows two options:

    Allow all files (this is the default option)

    • The allow all files option is less secure. You will get an alert if a file is determined to be malicious after it has been allowed onto your network.

    Block all files until a verdict is returned

    • This option is more secure, but can slow down the download of some legitimate files. This option may require the users to retry the download.
    • This option only applies to HTTP and HTTPS file downloads.


    You can also upload files directly to SonicWall Capture Cloud Services

    Files can be uploaded to SonicWall Capture Cloud Services via the SonicWall User Interface:

    1. Navigate to Policy | Capture ATP | Scanning History and click the Submit a Sample box to open the Submit a Sample dialog box.
    2. Browse to and select a file, then click the Upload button to send it.

    Files can also be uploaded from the Home | Dashboard | Capture ATP page by clicking the Submit a Sample box.

    Capture ATP reports and alerts

    • Navigate to Home | Dashboard | Capture ATP.
    • Track files scanned in the last 30 days.

    • Detail list of scanned files.
    • Navigate to Policy | Capture ATP | Scanning History.
    • The following shows an example list of files scanned.
       EXAMPLE: If the file scanned is reported as Malicious, it is highlighted in RED.
       

    • Click on a file scanned for details:
       EXAMPLE: Clicking on a file that was reported as malicious.

       EXAMPLE: For a file that was not reported as malicious.

    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.




    Capture Advanced Threat Protection (Capture ATP) Overview:

    Capture ATP helps the SonicWall firewall identify whether a file is a virus by transmitting the file to the cloud, where the SonicWall Capture ATP cloud service analyzes the file and then sends the result back to the SonicWall firewall. This is done in real time while the file is being processed by the SonicWall firewall. Capture ATP uses the UFTP protocol to transfer the file. UFTP stands for User Datagram Protocol (UDP) File Transfer Protocol (FTP).

    The Capture ATP process of a SonicWall firewall communicating with the SonicWall Capture ATP cloud service involves six major steps:

    1. The SonicWall firewall sends the file to SonicWall Capture ATP cloud services.
    2. The SonicWall Capture ATP cloud services saves the file in its repository.
    3. SonicWall Capture ATP cloud services reads and analyzes the file.
    4. SonicWall Capture ATP cloud services stores the results in the SonicWall Capture ATP cloud services database.
    5. SonicWall Capture ATP cloud services accesses the SonicWall Capture ATP cloud services database.
    6. SonicWall Capture ATP cloud services sends results to the SonicWall firewall.

    The firewall is located on the customer premises. The SonicWall Capture ATP cloud services and database are located at a SonicWall facility.

    The FQDN of the SonicWall Capture ATP cloud services is resolved by the SonicWall firewall periodically. This FQDN is also resolved anytime it is changed by the License Manager.

    With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:

    • Executables (PE, Mach-O, and DMG)
    • PDF
    • Office 97-2003 (.doc, .xls, etc.)
    • Office (.docx, .xlsx, etc.)
    • Archives (.jar, .apk, .rar, .bz2, .bzip2, .7z, .xz, .gz, and .zip)

    NOTE: By default only the checkbox for Executables is selected, other file types must be manually selected.

    SonicWall firewall sends a file using Encrypted UDP File Transfer Protocol (UFTP)

    UFTP Protocol benefits

    • Data Encryption of UDP traffic
    • Packet loss detection, correction and retransmissions
    • Can manage data duplication and unrecoverable errors


    SonicWall Capture ATP supports all Gateway Anti-Virus (GAV) protocols

    • HTTP
    • HTTPS (requires DPI-SSL)
    • FTP
    • SMTP
    • POP
    • IMAP
    • CIFS/NetBIOS
    • TCP


    SonicWall Capture ATP's file Blocking Behavior

    Allows two options:

    Allow all files (this is the default option)

    • The allow all files option is less secure. You will get an alert if a file is determined to be malicious after it has been allowed onto your network.

    Block all files until a verdict is returned

    • This option is more secure, but can slow down the download of some legitimate files. This option may require the users to retry the download.
    • This option only applies to HTTP and HTTPS file downloads.


    You can also upload files directly to SonicWall Capture Cloud Services

    Files can be uploaded to SonicWall Capture Cloud Services via the SonicWall User Interface:

    1. Navigate to Monitor | Event Summaries | Capture ATP and click the Upload box to upload a file to be scanned.
    2. Browse to and select a file, then click the Upload button to send it.


    Capture ATP reports and alerts

    • Navigate to Monitor | Event Summaries | Capture ATP
    • Tracks files scanned in the last 30 days.
    • Detail list of scanned files.
    • The following shows an example list of files scanned.
      EXAMPLE: If the file scanned is reported as Malicious, it is highlighted in RED.

    • Click on a file scanned for details:
      EXAMPLE: Clicking on a file that was reported as malicious.

      EXAMPLE: For a file that was not reported as malicious.




    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.




    Capture Advanced Threat Protection (Capture ATP) Overview:

    Capture ATP helps the SonicWall firewall identify whether a file is a virus by transmitting the file to the cloud, where the SonicWall Capture ATP cloud service analyzes the file and then sends the result back to the SonicWall firewall. This is done in real time while the file is being processed by the SonicWall firewall. Capture ATP uses the UFTP protocol to transfer the file. UFTP stands for User Datagram Protocol (UDP) File Transfer Protocol (FTP).

    The Capture ATP process of a SonicWall firewall communicating with the SonicWall Capture ATP cloud service involves six major steps:

    1. The SonicWall firewall sends the file to SonicWall Capture ATP cloud services.
    2. The SonicWall Capture ATP cloud services saves the file in its repository.
    3. SonicWall Capture ATP cloud services reads and analyzes the file.
    4. SonicWall Capture ATP cloud services stores the results in the SonicWall Capture ATP cloud services database.
    5. SonicWall Capture ATP cloud services accesses the SonicWall Capture ATP cloud services database.
    6. SonicWall Capture ATP cloud services sends results to the SonicWall firewall.

    The firewall is located on the customer premises. The SonicWall Capture ATP cloud services and database are located at a SonicWall facility.

    The FQDN of the SonicWall Capture ATP cloud services is resolved by the SonicWall firewall periodically. This FQDN is also resolved anytime it is changed by the License Manager.

    With Capture ATP you get the ability to securely inspect, classify, and manage the following file types:

    • Executables (PE, Mach-O, and DMG)
    • PDF
    • Office 97-2003 file types (.doc, .xls, ...)
    • Office (.docx, .xlsx, ...)
    • Archives (.jar, .apk, .rar, .gz, and .zip)


    NOTE: By default only the checkbox for Executables is selected, other file types must be manually selected.
     

    SonicWall firewall sends a file using Encrypted UDP File Transfer Protocol (UFTP)

    UFTP Protocol benefits

    • Data Encryption of UDP traffic
    • Packet loss detection, correction and retransmissions
    • Can manage data duplication and unrecoverable errors


    SonicWall Capture ATP supports all Gateway Anti-Virus (GAV) protocols

    • HTTP
    • HTTPS (requires DPI-SSL)
    • FTP
    • SMTP
    • POP
    • IMAP
    • CIFS/NetBIOS
    • TCP


    SonicWall Capture ATP's file Blocking Behavior

    Allows two options:

    Allow all files (this is the default option)

    • The allow all files option is less secure. You will get an alert if a file is determined to be malicious after it has been allowed onto your network.

    Block all files until a verdict is returned

    • This option is more secure, but can slow down the download of some legitimate files. This option may require the users to retry the download.
    • This option only applies to HTTP and HTTPS file downloads.


    You can also upload files directly to SonicWall Capture Cloud Services

    Files can be uploaded to SonicWall Capture Cloud Services via the SonicWall User Interface:

    1. Navigate to the Capture ATP | Status page and click the Upload box to open the Upload a file to be scanned dialog box.
    2. Browse to and select a file, then click the Upload button to send it.



    Capture ATP reports and alerts

    • Navigate to Capture ATP | Status.
    • Tracks files scanned in the last 30 days.

    • Detail list of scanned files.
    • The following shows an example list of files scanned.
      EXAMPLE: If the file scanned is reported as Malicious, it is highlighted in RED.

    • Click on a file scanned for details:
      EXAMPLE: Clicking on a file that was reported as malicious.

      EXAMPLE: For a file that was not reported as malicious.
