Scanning History

The Capture ATP Scanning History page located at POLICY | Capture ATP > Scanning History displays a list of all the files that have been scanned and analyzed. You can filter results, search, narrow results to show scans from the last month, last week, last 24 hours, and in the last hour. You can also search for specific strings, so this page lists only items that contain those search strings. Use custom date periods to view windows of scan instances, and customize your view of the Column Selection.

Submit a Sample

The Submit a Sample option allows you to browse for supported files, submit, and scan them for analysis. Supported files include .PE files, match object (Mach-O), Apple Disk Image (DMG), pdf, office documents (.doc , .xls, .docx , .xlsx) and others (jar, apk, rar, bz2, bzip2, 7z, xz, gz, zip) with a maximum file size of 10240 KB.

You can restrict the maximum file size that can be submitted on the POLICY | Capture ATP > Settings page, under Bandwidth Management. You can enter any number between 0 and the maximum size that is set by the License Manager (10240 KB). Entering a zero (0) indicates that the file size is unlimited, but that is not recommended.

To submit a file to Capture ATP for analysis

1. Navigate to the POLICY | Capture ATP > Scanning History.

2. Click the Submit a Sample icon.

   The Submit a Sample dialog appears.

   

3. Click in the Select a file... field and browse to the file you want to submit.

4. Click the Re-analyze file if it already exists option if you would like to resubmit a previously scanned file.
5. Click Upload.

6. After a few moments, click Refresh. Verify that the file appears on the Scanning History page.

   

Viewing Analyzed Results

To view the detailed results of a scanned file

1. Navigate to the POLICY | Capture ATP > Scanning History.

2. The columns for the Scanning History page are as follows:

   • Disposition: The results of the analysis for this file, Benign or Malicious.
   • File Name: Lists the file name of the scanned file.
   • URL: Lists the file path of the scanned file.
   • Type: The type of file that was analyzed, such as an executable file or a zip file.
   • Date Time: The time that the file was submitted for analysis.
   • Source: The IP address from which the file was sent.
   • Destination: The IP address to which the file was sent.

   From the detailed results view, you can click a scanning report to launch the scanning report for that file.

3. Click the Disposition check mark for that file. The details of the analysis results for that file display.

   

4. Click the Disposition check mark again to close the results.