Managing Threat Prevention
Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide|196
The update status is displayed next to each blade:
• Up to date
• Update available
• Update service unreachable
You can activate the blades to prevent attacks/infection or set them to detect-mode only on the Threat
Prevention Engine Settings page.
A warning message shows if a blade is configured in Detect-only mode.
The top of the page shows the number of infected devices. For more information, click More details.
One policy is configured for all the blades:
• Strict - Focuses on security.
• Recommended - The default option, which gives the best mixture of security and performance for small/medium sized business.
  Note - The performance impact for the "Suspicious Mail Activity" protection in Anti-Bot was changed to High and is now off by default. To enable this protection, you must configure it in a custom policy.
• Custom - Manually defined by the user.
Configuring a Custom Policy for Threat Prevention
1. In the Threat Prevention Blade Control page, under Policy, select Custom.
2. For Tracking options, select one of these options:
   • None – Do not log.
   • Log – Create a log.
   • Alert – Log with an alert.
3. Under Protection Activation, for each confidence level (High confidence, Medium confidence, and
Low confidence), select the applicable action from the list:
   • Ask - Traffic is blocked until the user confirms it is allowed.
   • Prevent - Blocks identified virus or bot traffic, or identified malicious files, from passing through the gateway.
   • Detect - Allows identified virus or bot traffic, or identified malicious files, to pass through the gateway. This traffic is detected and logged.
   • Inactive - The protection is deactivated.
4. For Severity, select the level:
   • Low or above
   • Medium or above
   • High or above
   • Critical
5. For Performance impact, select the allowed impact level: