- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SonicWall Capture ATP and Data Privacy
03/26/2020 
817 People found this article helpful
95,890 Views
Description
Capture ATP Overview
Capture Advanced Threat Protection (ATP) is sold as an add-on security service to the firewall, similar to Gateway Anti-Virus (GAV).
Capture ATP helps a firewall identify whether a file is malicious or not by transmitting the file to the cloud where the SonicWall Capture ATP service analyzes the file to determine if it contains a virus or other malicious elements. Capture ATP then sends the results to the firewall. This is done in real time while the file is being processed by the firewall.
This document explains how files are analyzed by your SonicWall Appliance and Capture ATP.
SonicWall Firewall Analysis
- If the firewall identifies a file as malicious it’s blocked immediately. No files are submitted to Capture ATP.
- If the file is otherwise suspicious, and hasn’t been seen before, a copy of the file is sent to Capture ATP for further analysis. The original file remains quarantined on the appliance.
Capture ATP Analysis
- The firewall is located at the customer premises, while the Capture ATP server and database are located at a SonicWall facility. The firewall creates a secure connection with the Capture ATP cloud service before transmitting data.
- Before you can enable Capture ATP you must first get a license, and you must enable the Gateway Anti-Virus (GAV) and Cloud Anti-Virus Database services.
- If a file is not determined to be malicious by the GAV service during the Capture preprocessing process, the file is submitted to Capture ATP for analysis.
- Capture ATP will analyze the suspicious file as well as hold files at the gateway until you have a verdict.
- Once a Capture ATP subscriber discovers a malicious file, a hash is created so other Capture ATP subscribers can block attacks from the same version. Afterwards, a signature is sent to the firewall so GAV/IPS subscribers can block the attack.
Resolution
Capture ATP and Data Privacy
All files are sent to the Capture ATP cloud datacenter that you selected when enabling the Capture service over an encrypted connection. Files are analyzed and deleted within minutes of a verdict being determined; they are not transferred to any other locations, unless a file is found to be malicious.
Malicious files are submitted via an encrypted HTTPS connection to the SonicWall threat research team, located in Santa Clara California or Bangalore India, for further analysis and to harvest threat information. Files are not transferred to any other location for analysis.
Malicious files are deleted after harvesting threat information within 30 days of receipt. The SonicWall privacy policy can be accessed at:
https://www.mySonicWall.com/privacypolicy.aspx
Related Articles
- 2FA authentication error using TOTP "Please try again later"
- Methods to add Address Objects
- Configure probe monitoring for WAN Failover and load balancing
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO