12/01/2022
Capture Advanced Threat Protection (ATP) helps a firewall identify whether a file is malicious by transmitting the file to the cloud where the SonicWall Capture ATP service analyzes the file to determine if it contains a virus or other malicious elements. Capture ATP then sends the results to the firewall. The analysis and reporting are done in real-time while the file is being processed by the firewall.
All files are sent to the Capture ATP cloud over an encrypted connection. Files are analyzed and deleted within minutes of a verdict being determined unless a file is found to be malicious. Malicious files are submitted via an encrypted HTTPS connection to the SonicWall threat research team for further analysis and to harvest threat information. Files are not transferred to any other location for analysis. Malicious files are deleted after harvesting threat information within 30 days of receipt.
Capture ATP provides a file analysis report (threat report) with detailed threat behavior information. Capture ATP works in conjunction with the Gateway Anti‐Virus (GAV) and Cloud Anti‐Virus services.
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Custom Blocking Behavior of Capture ATP:
The Custom Blocking Behavior section allows you to select the Block file download until a verdict is returned feature.
NOTE: This applies only to HTTP/S file downloads.
Because Block Until Verdict (BUV) holds a download until the analysis completes, it is sometimes necessary to exclude certain file types from BUV without allowing all files through. SonicOS allows customized blocking behavior for Capture ATP to exclude certain traffic or file types from blocking file downloads until a verdict is reached. The Custom Blocking Behavior section of the Policy | Capture ATP | Settings | Advanced page now includes options for you to customize the blocking behavior:
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Custom Blocking Behavior of Capture ATP:
The Custom Blocking Behavior section allows you to select the Block file download until a verdict is returned feature.
Because Block Until Verdict (BUV) holds a download until the analysis completes, it is sometimes necessary to exclude certain file types from BUV without allowing all files through. SonicOS allows customized blocking behavior for Capture ATP to exclude certain traffic or file types from blocking file downloads until a verdict is reached. The Custom Blocking Behavior section of the MANAGE | Security Configuration | Security Services | Capture ATP page now includes options for you to customize the blocking behavior:
NOTE: This section was introduced in the 6.5.2.1 feature release. To use Custom Blocking Behavior with BUV, the firewall must be on firmware 6.5.2.1 or above. Refer to How Can I Upgrade SonicOS Firmware? for the firmware upgrade procedure.