Capture ATP not blocking malicious files coming in via smtp
I understand Capture ATP blocks direct downloads of malicious files from the internet, but what about incoming emails with bad attachments? I know the system alerts you of a bad file detected and all, but the email with the bad attachment is still allowed to enter the network.
Is there a way to prevent this?
Best Answer
Halon5 Enthusiast ✭✭
Hi @artvbasic ,
We are using Capture ATP on the ES virtual appliance. That is an effective way to do that (there are also other AV engines on that appliance).
I don't believe that you can just use the firewall's Capture ATP to get that to work effectively. It's not really designed for the SMTP protocol. It's more about web downloads.
ES is really pretty good at handling embedded threats this way.
Hope that helps.
Stephan.
Answers
@artvbasic - @Halon5 has given you one approach, but there is another.
I, too, have often found that Capture ATP will scan the email attachment and let it through. That's because it didn't find anything. And yet, when you open the PDF there's that link that - if clicked - would cause havoc. The sandbox cannot detect that when it explodes out the PDF because it requires user action.
Note that if you have SonicWall's Capture Client, your client's desktop would be protected from that inadvertent click. SentinelOne should intercept the malicious activity that would commence and block it.
Hope that helps!
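The failure mode Larry describes (a PDF that carries nothing executable, only a link the user has to click) is something a mail gateway can at least flag statically, even when a sandbox detonation stays quiet. The following is an added example, not SonicWall code and not part of this thread: it builds a constructed .eml with a constructed PDF attachment that holds a single `/URI` link action, walks the MIME parts, and reports any PDF attachment containing such actions so the message can be quarantined or annotated before delivery. The message, the PDF bytes and the URL in it are all sample data made up for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample: a minimal PDF whose only "payload" is a link annotation
# with a /URI action, i.e. nothing happens until a user clicks it.
PDF_WITH_LINK = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 100] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [10 10 190 90]
   /A << /S /URI /URI (http://link.example/login) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def build_sample_eml() -> bytes:
    """Build a constructed .eml (sample data, not a real message) with the PDF attached."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(PDF_WITH_LINK, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


# Matches a URI action dictionary: /S /URI ... /URI (target). PDF literal strings
# may contain escaped parentheses, so this is a heuristic, not a full PDF parser.
URI_ACTION = re.compile(rb"/S\s*/URI\b.*?/URI\s*\((.*?)\)", re.S)


def pdf_uris(data: bytes) -> list[str]:
    """Return link targets found in uncompressed /URI actions.

    Caveat: PDFs that pack their annotation objects into compressed object
    streams need a real parser (e.g. pypdf); this only sees plain-text objects.
    """
    return [m.group(1).decode("latin-1") for m in URI_ACTION.finditer(data)]


def scan_eml(raw: bytes) -> list[dict]:
    """Walk the MIME tree and return one finding per PDF attachment with link actions."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "application/pdf":
            continue
        uris = pdf_uris(part.get_payload(decode=True))
        if uris:
            findings.append({"filename": part.get_filename(), "uris": uris})
    return findings


if __name__ == "__main__":
    for hit in scan_eml(build_sample_eml()):
        print(f"{hit['filename']}: {len(hit['uris'])} link action(s) -> {hit['uris']}")
```

This is a triage aid, not a verdict: a PDF with a link is not malicious by itself, but a gateway rule that routes "PDF attachment carrying external URLs from an unknown sender" into a quarantine or URL-rewriting path closes exactly the gap a detonation sandbox leaves, since the sandbox never performs the click. Pair it with endpoint protection such as the Capture Client mentioned above for the case where the message does get through.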
@Larry , too true, well said.