file-reputation enable

Function

The file-reputation enable command enables APT defense file reputation detection.

The undo file-reputation enable command disables APT defense file reputation detection.

Format

file-reputation enable

undo file-reputation enable

Parameters

None

Views

APT defense profile view

Default Level

2: Configuration level

Usage Guidelines

By default, the APT defense file reputation detection function is disabled.

Enabling this function deteriorates APT defense detection performance.

When this function is enabled, the device matches traffic against cached malicious files. If the traffic matches a malicious file, the device performs the specified action, and the traffic does not need to be sent to the sandbox for inspection. If the traffic does not match a malicious file, the traffic is sent to the sandbox for inspection. The malicious files cached in the device may come from the following sources:

Malicious files detected by the sandbox
Malicious files in the file reputation databases, including the file reputation signature database and file reputation hotspot database. For details about how to update the file reputation databases, see Updating File Reputation Databases
Import or export the MD5 list.
Malicious files in the local reputation database on the HiSec Insight. For details about how to update the local reputation database, see Updating Local Reputation Using the Web UI.
Malicious files obtained from a remote reputation server

Example

# Enable APT defense file reputation detection.

<sysname> system-view
[sysname] profile type aapt name example
[sysname-profile-aapt-example] file-reputation enable