• Wireless Network Manager
• Getting Started with Wireless Network Manager
  • About Wireless Network Manager
  • Using the Wireless Network Manager Interface
  • Using Wireless Network Manager Guide
• Overview
  • Dashboard
  • Alerts
  • Threats
  • Logs
  • Audit
• Using Air Marshal
  • RF Survey
    • Discovered Aps
    • Discover and Report Unassociated Wireless Clients
  • RF Spectrum
  • RF Monitor
  • Packet Capture
    • Wireless
    • Ethernet
  • Bluetooth LE
• Managing Your Network
  • Network Hierarchy
  • Network Topology
  • Zones
  • Devices
    • Managing Access Points
      • Managing the Configuration of Access Points
        • General
          • Bridge Mode
          • NAT Mode
        • Radio
        • SSL VPN
          • Activating SSL VPN
          • Editing SSL-VPN
      • Upgrading the Firmware for Specific Access Points
      • SonicWave Diagnostics
        • Testing Connectivity With Your Gateway or DNS Addresses
        • Testing Connectivity With Ping, Traceroute, or NSLookup
    • Viewing the Wireless Client Journey
    • Port Settings
    • Managing Switches
    • Managing Switch Clients
• Managing Policies
  • Policy Hierarchy
    • Select an AP Policy
      • General
      • System
      • Radio
      • Mesh Network
      • Bluetooth
      • • Certificate
        • Others
      • RRM (Radio Resource Management)
      • WIDP
      • 802.1X
      • Port Setting
      • ALG
      • SNMP
      • Syslog
    • Select a Switch Policy
      • General
      • System
        • Spanning Tree Protocol
        • Link Layer Discovery Protocol
        • Voice VLAN
        • Quality of Service (QoS)
        • Internet Group Management Protocol (IGMP) Snooping
        • Dynamic Host Configuration Protocol (DHCP) Snooping
        • Dynamic Host Configuration Protocol (DHCP) Relay
        • Loopback Detection
        • Jumbo Frames
        • Multicast Filtering
        • 802.1X
        • Static Route IPV4
        • DoS
        • Radius Server
        • Mirror Settings
        • Address Resolution Protocol
        • Static MAC Address Table
        • SNMP
      • Ports
        • Classic Switch Policy
          • General
          • VLAN
          • QoS
          • QoS Storm Control
          • Security
          • ACL
          • 802.1X
      • Port Policy
      • Link Aggregation
        • LACP
        • Group
        • Trunk Port Settings
        • VLAN
      • VLAN
        • General
        • Network
        • IGMP
    • Select an SSID
      • SSID Policies
        • Adding SSID Security Policies
        • Editing SSID Security Policies
      • General
        • Basic
        • Authentication
          • Disabling the Strict Rekey
        • Others
        • VLAN
        • Dynamic VLAN Support
      • Advanced
        • Band Selection
        • IEEE802.11R
        • IEEE 802.11K
        • IEEE802.11V
        • SSL-VPN Security Tunnel Access
        • DNS
        • Agile Multiband
      • Security Policies
      • Guest Portal
        • Sign-on Settings
          • Sign-on with One-Time Passwords
          • Configuring Twilio Billing for SMS
          • Sign-on with LDAP Server Authentication
          • Sign-on with Active Directory Server Authentication
          • Sign-on with RADIUS Server Authentication
          • Sign-on with SAML Authentication
          • Wireless Guest TOTP Authentication
        • Customized Splash Page
          • Use a Linked Image on the Customized Splash Page
          • Collect User Feedback from a Customized Splash Page
    • Select a Security Policy
      • CFS (Content Filtering Service)
        • General
        • Category
        • Enabling or Disabling Reputation
        • URI List
        • Customize Block Page
      • CATP (Capture Advanced Threat Protection)
        • General
        • File Types
        • Protocols
        • MD5 Exclusion List
        • Customize Block Page
      • CAV (Cloud Gateway Anti-Virus)
        • General
        • File Types
        • Protocols
        • MD5 Exclusion List
        • Customize Block Page
      • ACL
        • General
        • Authentication/Association MAC Filtering
        • ACL
        • Bandwidth Management
      • Geo-IP & Botnet
      • APP Control Security Policy
  • AP Policies
  • Using Tags to Manage Access Points and SSIDs
    • Using Tags to Manage Access Points
      • Adding Tags to an Access Point
      • Removing Tags Associated with an Access Point
      • Viewing Tags Associated with an Access Point
    • Using Tags to Manage SSIDs
      • Adding Tags to an SSID Group
      • Removing Tags from an SSID Group
      • Viewing Tags Associated with an SSID Group
  • QoS Policies
  • Wi-Fi Multimeda (WMM) Profiles
    • Creating Wi-Fi Multimeda (WMM) Policies
    • Enabling Wi-Fi Multimeda (WMM) Policies
  • Managing Switch Policies
    • Adding Switch Policies
    • Editing Switch Policies
  • Managing Switch Port Policies
    • Adding Switch Port Policies
      • General
      • VLAN
      • QoS
      • QoS Storm Control
      • Security
      • ACL
      • 802.1X
      • POE
    • Editing Switch Port Policies
  • Security Policies
    • Content Filtering Service
      • Creating Content Filtering Service Security Policies
      • Editing Content Filtering Service Categories
      • Adding Sites to the Allowlists and Blocklists
    • Customizing Blockpage
    • Applying a Security Policy to an SSID Group
    • Capture Advanced Threat Protection
      • Creating Capture Advanced Threat Protection Security Policies
      • Adding an MD5 Hash to the Exclusion List
    • Cloud Anti-Virus
    • Access Control Policies
      • Creating and Editing Access Control Policies
    • Geo-IP & Botnet
    • Application Control
  • Managing SNMP Policies
    • Setting the SNMP ID
    • Adding SNMP Policies
    • Editing SNMP Policies
    • Deleting SNMP Policies
    • Setting SNMP Policies
  • Managing Switch SNMP Policies
    • Adding Switch SNMP Policies
    • Editing Switch SNMP Policies
    • Applying Switch SNMP Policies
• Objects
  • Address Objects
    • Creating Mac Address Objects
    • Creating Address Object Groups
  • Service Objects
  • Matched Objects
  • QoS Objects
  • Schedule Objects
    • Scheduling VAP Security Policy
  • App Objects
  • VLAN Objects
• Admin
  • Reports
    • Generating Report Tasks
    • General Settings
  • Users
    • Configuring User Quota Control
  • Settings
    • General
      • Client Timezone
    • Firmware
    • Notification Center
      • Alert
      • Threat
      • Log
      • Email
      • SMS Event Notifications
  • Certificates
    • Batch Import
    • Import Certificates
  • Using the WiFi Planner
• SonicWall Support
  • About This Document

Capture Advanced Threat Protection

Capture Advanced Threat Protection (Capture ATP) is a cloud-based feature that analyzes files and determines if the file is malicious or acceptable. Capture ATP inspects files of up to 10MB, and is able to block threats before they can do any damage. All files submitted to Capture ATP are preprocessed before analysis, and separated in three categories. Malicious files are quarantined, while acceptable files are delivered directly to the client. If preprocessing determines a file to be malicious or acceptable, the file is not further analyzed by Capture ATP. Only the third category, those whose status cannot be immediately determined, are submitted to Capture ATP for complete analysis. Until this complete analysis is performed, Capture ATP works on the basis of Block Until Verdict if this option is selected. With Block Until Verdict, no files are delivered to the client before they pass rigorous analysis and are determined to be acceptable.

A streamlining feature called MD5 Hash Exclusion lists allows you to upload an MD5 hash and compare it with the SonicWall database of specified hash exclusions. This can speed up the analysis of files that are similar or the same as files that have recently been received for analysis.

Capture ATP supports many configurations of file types (archive files, executable files, Microsoft Office, Microsoft Office Extended , or PDF files). In order to expedite the process, the user has the possibility of excluding certain known files from file inspection, and either allow them or block them automatically.

Wireless Network Manager supports the HTTP, SMTP, and FTP protocols.

For more information about Capture ATP, see the latest SonicOS Security Configuration administration documentation available under the product name Secure Wireless Access on the SonicWall support website at: https://www.sonicwall.com/support/technical-documentation/.

• Creating Capture Advanced Threat Protection Security Policies
• Adding an MD5 Hash to the Exclusion List