If it is not possible to allow the Automatic Updates Download as described in sk94508, you can install the Autonomous Threat Prevention Management integration Release Update manually on the Security Gateways / Cluster Members and Management Server.
On the Security Gateway / each Cluster Member, install the Autonomous Threat Prevention package (GOT_TPCONF):
Prepare a temporary directory:
Connect to the command line on the Security Gateway / each Cluster Member.
Log in to the Expert mode.
Create a temporary directory:
mkdir -v /var/log/GwAtpUpdate
Get the required Autonomous Threat Prevention package:
Download the GOT_TPCONF package from the "Availability" section above to your computer.
Copy the package from your computer to the temporary directory (/var/log/GwAtpUpdate/) on the Security Gateway / each Cluster Member.
In SmartConsole, enable Autonomous Threat Prevention in the Security Gateway / Cluster Object:
Connect with SmartConsole to the Management Server.
From the left navigation panel, click the Gateways & Servers view.
Double-click the Security Gateway / Cluster object.
From the left tree, click General Properties.
In the lower pane, click the Threat Prevention tab.
Select Autonomous Threat Prevention.
In SmartConsole, create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to Step 5):
In SmartConsole, in the top left corner, click the Menu icon and click Manage policies and layers.
In the Manage policies and layers window, click New.
Enter a name for the policy package.
On the General page > Policy types section, select Threat Prevention (you can select more policy types if required).
In SmartConsole, from the left navigation panel, click the Security Policies view.
In the Infinity Threat Prevention section, click Policy.
From the top drop-down list with the five pre-defined profiles, select the required profile.
In SmartConsole, install the Autonomous Threat Prevention policy:
In SmartConsole, from the top, click Install Policy.
Select Threat Prevention.
Select the applicable Security Gateway / Cluster objects.
Note - The Autonomous Threat Prevention policy is installed on Security Gateways / Clusters with Infinity Threat Prevention enabled. Security Gateways / Clusters without Infinity Threat Prevention enabled receive the traditional Threat Prevention policy.
Test the Threat Prevention policy - download a malicious file (for example, EICAR) through the Security Gateway / Cluster. The Security Gateway / Cluster must prevent the download and generate the corresponding log.
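The following is an added example and is not part of the SK article: a small POSIX shell check that a client behind the Security Gateway / Cluster can run for the test step above. It assumes curl is installed on the client and uses the public EICAR download URL as an assumption; it matches only a substring of the EICAR signature so the script itself is not flagged by endpoint protection.

```shell
#!/bin/sh
# Added example, not Check Point code: confirm that the installed Autonomous
# Threat Prevention policy prevents the EICAR test file from reaching a client
# that downloads it through the Security Gateway / Cluster.
# Assumption: the client reaches the Internet only through the gateway.
EICAR_URL="${EICAR_URL:-https://secure.eicar.org/eicar.com.txt}"   # assumed URL
MARKER='EICAR-STANDARD-ANTIVIRUS-TEST-FILE'   # substring of the EICAR signature

# Return 0 when the file at $1 is non-empty and carries the EICAR marker,
# i.e. the test file was delivered to the client unchanged.
contains_eicar() {
    [ -s "$1" ] && grep -q "$MARKER" "$1"
}

# Classify a saved download body: prints "delivered" or "prevented".
# A gateway block page, an empty body or a dropped connection all count as
# "prevented" because the test file itself never arrived.
# Returns 0 only for "prevented".
classify_download() {
    if contains_eicar "$1"; then
        echo delivered
        return 1
    fi
    echo prevented
    return 0
}

# Attempt the download through the gateway and report the outcome.
# Returns 0 when the policy prevented the download.
test_policy() {
    body=$(mktemp)
    status=$(curl -sS --max-time 30 -o "$body" -w '%{http_code}' "$EICAR_URL")
    rc=$?
    result=$(classify_download "$body")
    echo "curl rc=$rc http=$status result=$result"
    rm -f "$body"
    [ "$result" = prevented ]
}
```

After the run, confirm the second half of the test step by checking that the Security Gateway / Cluster generated the corresponding Threat Prevention log in SmartConsole.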
List of Resolved Issues and New Features per Update
Update 15 (14 June 2022)
NEW: Web Zero-day Phishing Prevention is now available for all R81.20 EA customers with an NGTX license.
The protection is automatically enabled in the Autonomous Perimeter and Strict Security profiles.
The new Configuration Overview panel prompts fixing potential protection misconfigurations.
Update 14 (20 March 2022)
In some scenarios, Blade Global Exceptions may not be optimized for CPU consumption.
Network feeds and Updatable objects are not supported in ATPM, including as part of Network Groups.
When installing policy with Network Feeds or Updatable Objects which are part of Network Groups or stand-alone, an obscure message may be displayed.
UPDATE: Sandbox enhanced, with new heuristics for Qbot malware detection and improved AI-based detection capabilities for executable files.
UPDATE: Added new IPS protections for detection and prevention of malicious usage of XML macros, such as Zloader, Qbot, and IcedID.
The License absence warning may be shown to NGTP licensed users.
Update 11 (03 May 2021)
NEW: Added customization capabilities to support RTF files. All Gateways with Sanitization enabled will remove potentially malicious content from RTF files.
NEW: Automatic optimization of a Threat Prevention policy according to the appliance RAM usage during policy installation: for appliances with insufficient RAM, Autonomous Threat Prevention Management will automatically disable the Sanitization technology. An administrator will be notified and can check the status under the "Device and information" section.
NEW: In Autonomous Threat Prevention Settings menu, it is now possible to control if the policy package is optimized for rapid file delivery (unknown files delivered after the initial scan, before the final verdict from Sandbox) or for maximum security (files delivered after the final verdict from Sandbox).
UPDATE: Adjusted suffix of sanitized files (".cleaned" by default)
UPDATE: Threat Emulation Sandbox is enhanced with advanced anti-evasion techniques to improve prevention of malware that tries to detect emulation and hides its malicious activities.
UPDATE: Microsoft Exchange zero-day exploits. On March 2, 2021, Microsoft shared details on multiple severe vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) targeting Microsoft Exchange Servers. Microsoft reported that these vulnerabilities have been detected as exploited. The following IPS protections have been released for the relevant vulnerabilities:
Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)
Update 9 (25 February 2021)
Added various detection enhancements and code improvements.
Update 8 (25 January 2021)
Profile Security Settings Override and Sanitization Preferences are now available in the Settings tab.
Added "Share Feedback" component at the bottom of the screen.
Update 7 (03 December 2020)
Added various detection enhancements and code improvements.
Update 6 (03 November 2020)
TPM-2286, TPM-2552, TPM-2565
NEW: Added ability to configure via Management API, Sandbox (Threat Emulation) and Sanitization (Threat Extraction). Refer to sk169952.
Search in the Deployment Dashboard may not filter the result.
Update 5 (12 October 2020)
Policy statistics may not be visible.
Update 4 (01 October 2020)
In some scenarios, policy installation on Virtual System may fail when ITPM is enabled.
Update 3 (10 September 2020)
NEW: Added the File Protections tab. It provides detailed visibility of file type actions per profile and an option to override default profile actions.
Update 2 (13 August 2020)
Improvements in IPS Profile settings.
Update 1 (15 July 2020)
UPDATE: Added Sandboxing support for the following MacOS file types: app, dmg and pkg. By default, these file types will be sandboxed by all the Gateways.
UPDATE: Added File Reputation and Sandboxing support for the following archive types: RPM, WIM, CHM, LZH, MSI, ARJ, CPIO, AR, CramFS, QCW2, UDF. By default, these file types will be inspected by all the Gateways.