The ATP tab both displays results and processes file scanning via Advanced Threat Protection (ATP). Before you can use the ATP tab, you must enable ATP in the firewall settings. For more information, see Advanced Threat Protection (ATP).
The location of the ATP server and its status is displayed on top of the data table for every ribbon bar menu except the menu Exceptions:
There are four options available for the status:
The information displayed on the ATP page is listed in the following columns:
- Risk – Displays the risk classification.
- Information – Displays the URL of the scanned file.
- File – Displays the scanned file entry.
- File Type – Displays the scanned file type.
- Origin – Displays the source of the scanned file.
- Delivered – Displays the number of file deliveries.
- Blocked – Displays the number of blocks for this file.
- Start Time – Displays the time the scan was started.
To access the information on the files scanned by ATP, click the service bar icons top of the page:
- Files in Progress – Clicking this icon displays all files that are selected for the scan process.
- Emails in Progress – Clicking this icon displays all emails that are selected for the scan process.
- Scanned Files – Clicking this icon queries the ATP list and displays all files scanned by ATP.
- Malicious Files – Clicking this icon displays all files blocked by ATP.
- Quarantine – Clicking this icon displays the users and IP addresses whose connections were redirected to the quarantine and shows the time since the address was put into quarantine.
- Exceptions – Clicking this icon displays all files that are exempted from scanning due to whitelisting or from forwarding due to blacklisting.
To filter the list according to specific criteria (such as risk, URL, or file type), use the fields on top of each column. Click the Clear Filter icon on the top right of the ribbon bar to remove the criteria entered.
Managing Threat Information
Double-clicking a file opens the ATP File Details window where you can view additional information on the file:
- Scan Policy – Displays the scanning policy that applies to the file.
- Risk – Shows the risk classification. The Reason section on the right displays further details on the blocking reason.
- Filetype – The file type.
- Origin – The path of the scanned file.
- Downloads – Shows the number of downloads for this file and the action that was performed by ATP.
The File Downloads section displays further details on the file, such as download origin and user, URL, and download time.
The Emails in Progress page displays emails that have attachments that are currently scanned. This applies only to the option Scan First Then Deliver.
The Scanned Files page displays all files scanned by ATP. Whitelisted files are highlighted in green, and blacklisted files in light red.
The Exceptions page displays two tables. The upper table with the name Whitelisted Files displays files that are exempted from scanning regardless if they are a risk or not. The lower table with the name Blacklisted Files displays files that are blacklisted. These files will not be scanned and not be forwarded regardless if they are a risk or not.
For instant scanning and process management, the links section on the top right of the page provides the following options:
- Manual File Upload – Opens the file browser from where you can select a file to be scanned. For more information, see How to Manually Upload Files to ATP.
- Remove – Removes a selected entry from the file list.
- Download Report – Downloads the scan report to a file.