Patient Zero Protection provides advanced malware protection from suspicious objects that have been sent to Virtual Analyzer for sandbox analysis.

When Patient Zero Protection is enabled, Deep Discovery Web Inspector temporarily holds the suspicious object while analysis is performed. Once analysis is complete, depending on the outcome of the analysis, the appropriate action is taken.

By enabling Patient Zero Protection, you ensure that malicious objects are not passed through to the destination while waiting for sandbox analysis to complete. This provides a higher level of protection against malware intrusions and attacks.

- Deep Discovery Web Inspector takes no action and delivers the object to the endpoint if it is marked as No risk.

- If sandbox analysis determines that the risk level for that object is low, medium, or high, the malicious object is blocked or monitored, according to the actions configured for the policy that triggered the analysis.

  The default risk-level actions for a policy are to block high-risk and medium-risk objects and monitor low-risk objects.

- If Virtual Analyzer did not finish the sandbox analysis or even start the analysis during the allotted time, Deep Discovery Web Inspector allows the object to pass through to the destination.

  If Deep Discovery Web Inspector encounters the object that did not finish or even start analysis again, the object is not sent to Virtual Analyzer for sandbox analysis; Deep Discovery Web Inspector allows the object to pass through.

Note: If Patient Zero Protection is disabled, suspicious objects are not held while analysis is ongoing. The suspicious objects are passed straight through.
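
The following is an added example, not code from Deep Discovery Web Inspector: a simplified Python model of the decision flow described above, which records every delivery made without a sandbox verdict so those objects can be followed up on the endpoint. The class, field and verdict names and the object IDs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Default per-policy actions as stated on this page; a configured policy may differ.
DEFAULT_ACTIONS = {"high": "block", "medium": "block", "low": "monitor"}

@dataclass
class PatientZeroModel:
    enabled: bool = True
    actions: dict = field(default_factory=lambda: dict(DEFAULT_ACTIONS))
    unanalyzed: set = field(default_factory=set)  # objects whose analysis never completed
    exposure: list = field(default_factory=list)  # deliveries made without a verdict

    def handle(self, obj_id, verdict):
        """Return the action for one suspicious object.

        verdict is 'no_risk', 'low', 'medium', 'high', or None when the
        analysis did not finish (or start) within the allotted time.
        """
        if not self.enabled:
            # Disabled: the object is not held while analysis is ongoing.
            self.exposure.append((obj_id, "not_held"))
            return "pass"
        if obj_id in self.unanalyzed:
            # Seen before without a verdict: not resubmitted, passed through.
            self.exposure.append((obj_id, "repeat_not_resubmitted"))
            return "pass"
        if verdict is None:
            # Timeout: the object is released to the destination.
            self.unanalyzed.add(obj_id)
            self.exposure.append((obj_id, "analysis_timeout"))
            return "pass"
        if verdict == "no_risk":
            return "deliver"
        return self.actions[verdict]

# Constructed sample traffic: (object id, sandbox outcome).
SAMPLE_EVENTS = [("obj-A", "no_risk"), ("obj-B", "high"), ("obj-C", "low"),
                 ("obj-D", None), ("obj-D", "high")]

def replay(events, enabled=True):
    """Run events through the model; return (actions, exposure list)."""
    model = PatientZeroModel(enabled=enabled)
    return [model.handle(o, v) for o, v in events], model.exposure

if __name__ == "__main__":
    actions, exposure = replay(SAMPLE_EVENTS)
    print(actions)
    print(exposure)
```

In the sample, `obj-D` reaches the destination twice without ever receiving a verdict, which is the case worth tracking separately from objects marked No risk.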