Autonomous Threat Prevention Overview Section

The Overview section in the Autonomous Threat Prevention view provides information about how Autonomous Threat Prevention handles malware attacks.

The Overview section shows the number of files that were deleted, inspected, sandboxed, and so on, along with other information about blocked attacks. To see the logs for each type of action taken by Autonomous Threat Prevention, enter these queries in the Logs & Events view > Logs view or Logs & Events > SmartView > Logs view:

Inspected Files

'(blade:"Anti-Virus" AND file_name:*) OR (blade:"Threat Emulation" AND NOT verdict:Error) AND action:(Accept OR Allow OR Block OR Detect OR Drop OR "HTTPS Inspect" OR Inspect OR Prevent OR Reject)'

Sandboxed Files

'blade:"Threat Emulation" AND NOT verdict:Error AND action:(Accept OR Allow OR Block OR Detect OR Drop OR "HTTPS Inspect" OR Inspect OR Prevent OR Reject)'

Sanitized Files

'blade:"Threat Extraction" AND action:Extract'

Blocked Malicious Files

'((blade:"Threat Emulation") OR (blade:"Anti-Virus" AND "signature") OR (blade:IPS AND (("Adobe Reader Violation" OR "Content Protection Violation" OR "Instant Messenger" OR "Adobe Flash Protection Violation")))) AND action:(Block OR Drop OR Prevent)'

Detected Malicious Files

'(blade:"Anti-Virus" AND file_name:*) OR (blade:"Threat Emulation" AND NOT verdict:Error) AND action:Detect'

Blocked Attempts To Access Malicious Sites

'NOT SMTP AND action:(Block OR Drop OR Prevent) AND ((blade:IPS AND ("Adobe Flash Protection Violation" OR "Adobe Shockwave Protection Violation" OR "Web Client Enforcement Violation" OR "Exploit Kit")) OR (blade:"Anti-Virus" AND ("URL Reputation" OR "DNS Reputation")))'

Detected Phishing Attempts

'blade:"Zero Phishing" AND action:(Detect)'

Blocked Phishing Attempts

'blade:"Zero Phishing" AND action:(Prevent)'

Blocked Targeted Host Attacks

'blade:IPS AND action:(Block OR Drop OR Prevent) NOT ("SMTP" OR "Adobe Reader Violation" OR "Content Protection Violation" OR "Mail Content Protection Violation" OR "SMTP Protection Violation" OR "Phishing Enforcement Protection" OR "Adobe Flash Protection Violation" OR "Adobe Reader Violation" OR "Content Protection Violation" OR "Instant Messenger" OR "Adobe Flash Protection Violation" OR "Scanner Enforcement Violation" OR "Port Scan" OR "Novell NMAP Protocol Violation" OR "Adobe Flash Protection Violation" OR "Adobe Shockwave Protection Violation" OR "Web Client Enforcement Violation" OR "Exploit Kit")'