Configuring Capture ATP Settings

To configure Capture ATP

1. Navigate to POLICY | Capture ATP > Settings.

   

2. Ensure Capture ATP, GAV, Cloud Gateway Anti-Virus database, and relevant protocols are enabled.

3. In the Bandwidth Management section, select the file types to be analyzed by Capture ATP.

   

   By default, only Executables (PE, Mach-O, and DMG) is selected.

   

4. By default Use the default file size specified by the Capture Service (10240 KB) is selected. To specify a custom size, enter a value between 1 and 10240 in the Restrict to KB field.

5. Optionally, to exclude an Address Object from Capture ATP, select an Address Object from the Choose an Address Object to Exclude fromCapture ATP drop-down menu.

6. Optionally, to exclude a file based on its MD5 checksum, click MD5 Exclusion List Settings to display the MD5 Exclusion Settings dialog.

   1. Add the 32-digit hexadecimal hash to the MD5 Exclusions List field.

   2. Click Save

   3. Repeat Step a and Step b for each file to exclude.

   4. Click Save.

7. If you are analyzing HTTP/HTTPS files, in the Custom Blocking Behavior section, you can specify whether all files are to be blocked until analysis is completed.

   

   By default Allow file download while awaiting a verdict is selected.

   The Block file download until a verdict is returned feature should only be enabled if the strictest controls are desired.

   If you select this feature, a warning dialog appears.

   Clicking the:

   • I agree, apply the setting button selects the Block file download until a verdict is returned option. You also must click Accept for the change to take effect.
   • Never mind, do not apply link closes the dialog and leaves Allow file download while awaiting a verdict selected.
8. Click Accept.