Threat Emulation - Advanced

What can I do here?

Use this window to configure these advanced Threat Emulation settings:

Getting Here

Security Policies > Threat Prevention > Policy > Threat Tools > Profiles > Profile > Threat Emulation > Advanced

Handling Connections During Emulation

Emulation Connection Handling Mode lets you configure Threat Emulation to allow or block a connection while it finishes the analysis of a file. You can also specify a different mode for SMTP and HTTP services.

Best Practice - For configurations that use Hold mode for SMTP traffic, we recommend that you use an MTA deployment.

If you are using the Prevent action, a file that Threat Emulation already identified as malware is blocked. Users cannot get the file even in Background mode.

Static Analysis

Static Analysis optimizes file analysis by doing an initial analysis on files. If the analysis finds that the file is simple and cannot contain malicious code, the file is sent to the destination without additional emulation. Static analysis significantly reduces the number of files that are sent for emulation. If you disable it, you increase the percentage of files that are sent for full emulation. The Security Gateways do static analysis by default, and you have the option to disable it.

Logging

Lets you configure the system to generate logs for each file after emulation is complete.