What can I do here?
Use this window to configure these advanced Threat Emulation settings:
Getting Here - Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Threat Emulation > Advanced |
Emulation Connection Handling Mode lets you configure Threat Emulation to allow or block a connection while it finishes the analysis of a file. You can also specify a different mode for SMTP and HTTP services.
Best Practice - For configurations that use Hold mode for SMTP traffic, we recommend that you use an MTA deployment.
If you are using the Prevent action, a file that Threat Emulation already identified as malware is blocked. Users cannot get the file even in Background mode.
If an attachment to an email is found to be malicious, you can select to block or allow the original email without the attachment.
Static Analysis optimizes file analysis by doing an initial analysis on files. If the analysis finds that the file is simple and cannot contain malicious code, the file is sent to the destination without additional emulation. Static analysis significantly reduces the number of files that are sent for emulation. If you disable it, you increase the percentage of files that are sent for full emulation. The Security Gateways do static analysis by default, and you have the option to disable it.
Lets you configure the system to generate logs for each file after emulation is complete.