Malware filters are delivered weekly through the Threat DV package to protect you from the latest advanced threats. These filters provide alerts on a wide range of malware families and are designed to detect post-infection traffic, including:
- Bot activity
- Phone-home
- Command-and-control (C&C)
- Data ex-filtration
- Mobile threats
- Domain Generating Algorithm (DGA)
Note: A majority of filters in a malware filter package are disabled by default to prevent false positives or performance impacts.
In general, when you deploy a malware filter package:
- Use your initial deployment as a trial run to detect potential problems.
- To establish an initial baseline or to monitor events and enable filters without blocking or other disruptive action sets, enable a subset of malware filters with Permit + Notify.
- Monitor events and evaluate the filters that trigger to determine whether each hit represents a true threat or a false positive. If you suspect an imminent threat, enable the filter that addresses the threat with Block or Block + Notify.
- Adjust filter settings accordingly to ensure the appropriate response and continue monitoring, evaluating, and adjusting to mitigate threats.
- If you enable Adaptive Filter Configuration (AFC), the behavior of a Threat DV malware filter might be altered according to the AFC mode enabled for the device.