How Patient Zero Protection Works

Patient Zero Protection provides the following:
  1. Advanced malware protection from suspicious objects that have been sent to Virtual Analyzer for sandbox analysis.
  2. Real-time phishing threat detection for suspicious URLs that have been sent to T-Zero cloud service for Dynamic URL Scanning, if Global Dynamic URL Scanning is enabled.
When Patient Zero Protection is enabled, Deep Discovery Web Inspector temporarily holds the suspicious object or URL while analysis is performed. Once analysis is complete, depending on the outcome of the analysis, the appropriate action is taken.
Enabling Patient Zero Protection ensures that malicious objects or URLs are not passed through to the destination while sandbox analysis or Dynamic URL Scanning is still in progress. This provides a higher level of protection against malware intrusions and attacks.
Deep Discovery Web Inspector takes no action and delivers the object to the endpoint if it is marked as No risk.
If sandbox analysis or Dynamic URL Scanning determines that the risk level for that object is low, medium, or high, the malicious object or URL is blocked or monitored, according to the actions configured for the policy that triggered the analysis.
The default risk-level actions for a policy are to block high-risk and medium-risk objects and monitor low-risk objects.
Note
Dynamic URL Scanning always returns a high risk level when a phishing threat is detected.
If Virtual Analyzer or Dynamic URL Scanning does not finish the analysis, or does not even start it, during the allotted time, Deep Discovery Web Inspector allows the object or URL to pass through to the destination.
If Deep Discovery Web Inspector encounters the same object again after its analysis did not finish or did not start, the object is not sent to Virtual Analyzer for sandbox analysis; Deep Discovery Web Inspector allows the object to pass through.
Note
  1. If Patient Zero Protection is disabled, suspicious objects or URLs are not held while analysis is ongoing. The suspicious objects or URLs are passed straight through.
  2. If Global Dynamic URL Scanning Setting is not enabled, suspicious URLs are not submitted to T-Zero cloud service for Dynamic URL Scanning.
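
The decision flow described on this page, written out as a small model so the pass-through cases are easy to see. This is an added example, not Trend Micro code; the class, function and reason names are hypothetical, and the sample traffic is constructed.

```python
# Illustrative model only; names are hypothetical, not product settings or APIs.
from dataclasses import dataclass, field

# Default risk-level actions for a policy, as stated on this page.
DEFAULT_ACTIONS = {"high": "block", "medium": "block", "low": "monitor"}
TIMEOUT = None  # analysis did not finish, or never started, in the allotted time


@dataclass
class PatientZeroModel:
    enabled: bool = True
    actions: dict = field(default_factory=lambda: dict(DEFAULT_ACTIONS))
    unanalyzed: set = field(default_factory=set)  # objects that timed out earlier

    def handle(self, obj, verdict):
        """Return (decision, reason) for one suspicious object or URL."""
        if not self.enabled:
            return ("pass", "disabled")        # not held while analysis runs
        if obj in self.unanalyzed:
            return ("pass", "prior_timeout")   # not sent for analysis again
        if verdict is TIMEOUT:
            self.unanalyzed.add(obj)
            return ("pass", "timeout")         # released when the time runs out
        if verdict == "no_risk":
            return ("pass", "no_risk")
        return (self.actions[verdict], "policy")


def delivered_without_verdict(model, events):
    """Objects that reached the destination with no completed analysis."""
    gaps = []
    for obj, verdict in events:
        decision, reason = model.handle(obj, verdict)
        if decision == "pass" and reason != "no_risk":
            gaps.append((obj, reason))
    return gaps


# Constructed sample traffic: (object identifier, analysis outcome).
SAMPLE = [
    ("invoice.docm", "high"),
    ("setup.exe", TIMEOUT),
    ("report.pdf", "no_risk"),
    ("setup.exe", "high"),  # seen again: never analyzed, so this verdict is unused
    ("banner.js", "low"),
]

if __name__ == "__main__":
    for obj, reason in delivered_without_verdict(PatientZeroModel(), SAMPLE):
        print(f"{obj}: delivered without a verdict ({reason})")
```

The objects this model reports are the ones that were delivered without a completed analysis, which makes them the cases to review through other controls.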