The Advanced Threat Protection (ATP) service scans files for malware, zero-day exploits, and targeted attacks not detected by the Barracuda Email Security Service virus scanning features or intrusion prevention system. ATP analyzes files in a separate, secured cloud environment, and once scanning is complete, determines the risk level for each scan (determination), and then assigns a verdict.
- Malicious – File classified as high risk. File is highly likely to be malware.
- Suspicious – File classified as medium risk. File may pose a potential risk.
Clean – File classified as low risk. No malicious indicators were detected.
- Determination versus Verdict – When a scan is complete and the risk potential is classified, that scan displays a Determination. For example, if the file is determined to have medium risk, the determination is Suspicious. After all scans are complete, a Verdict displays based on the determination of all scans.
- Reclassified – If a scan determination is Malicious or Suspicious, but the file is reviewed by the Barracuda Analyst Team and determined to be Clean, the Verdict displays as Clean and Reclassified by Analyst displays.
ATP Report Sections
The ATP report is divided into the following sections:
This section provides a short description of the ATP report and how the scan verdict is reached.
This section displays the scan verdict and reason for this file. The verdict is based on the outcome, or determination, of each scan.
This section lists file-specific details including file extension, file size, meta-data, and when the file was first submitted.
This section lists the outcome of each scan:
- Enhanced Antivirus detection scans the file through a comprehensive system of traditional antivirus signatures.
- Behavioral Heuristics analyzes through a heuristics engine utilizing behavioral indicators.
- Sandboxing executes the file in an isolated environment where its behavior is analyzed and assigned a risk level.