Advanced threat protection
Advanced threat protection (ATP) analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP requests, and IP packets) for threats.
Using ATP, you can quickly detect compromised clients in your network and raise an alert or drop the traffic from those clients.
To turn on advanced threat protection, click the on/off switch. When you turn it on, you can configure the following settings:
General settings
Policy | Use the drop-down to specify the action ATP should take when a threat is detected. Select Log only to log the data packet but still allow the data flow, or Log and drop to log and drop the packet. By default, Log only is selected. |
Network / Host Exceptions | Allows you to specify networks and hosts to exclude from ATP scanning. To do this, click Add new item and select the network or host you wish to exclude. If no definition exists, you can add a new one by clicking Create new. |
Threat exceptions | Allows you to add destination domains or IP addresses to exclude from ATP scanning. To add an entry, type a URL or IP address in the Search / Add field and click Add. |
Advanced settings
Inspect untrusted content | Inspects traffic from untrusted sources or traffic going to untrusted destinations only. This option gives the best performance. |
Inspect all content | Inspects all content to and from both trusted and untrusted sources and destinations. This option gives the best security but may impact performance. |