Advanced protection analyzes incoming and outgoing network traffic (for example DNS requests, HTTP requests, and IP packets) for threats.
It enables you to detect compromised endpoint devices in your network and raise an alert or drop the traffic from these devices.
To turn on advanced threat protection, click the on/off switch. When you turn it on, you can configure the following settings:
Advanced threat protection (ATP)
|Select the action you want ATP to take when a threat is detected:
|Network / Host Exceptions
|Specify the networks and hosts you want to exclude from ATP scanning. To do this, click Add new item and select the network or host you want to exclude. If no definition exists, click Create new to add a new one.
|Add the destination domains or IP addresses you want to exclude from ATP scanning. To add an entry, type a URL or IP address in Search / Add and click Add .
You may expose your network to severe risks if you exclude sources or destinations.
Advanced security settings
|Inspect untrusted content
|Inspects traffic from untrusted sources or traffic going to untrusted destinations only. This option gives the best performance.
|Inspect all content
|Inspects all content to and from both trusted and untrusted sources and destinations. This option gives the best security but may impact performance.
The difference in performance between Inspect untrusted content and Inspect all content is minimal. However, it can be significant in high-traffic environments.