APT Blocker detects advanced malware that uses zero-day exploits, and combines with the other security services on your Firebox to provide another layer of defense against network threats.
APT Blocker and Gateway AntiVirus
APT Blocker uses the same scan process as Gateway AntiVirus. You must have Gateway AntiVirus enabled on your Firebox to enable APT Blocker on the device. Then, if a proxy policy is configured to enable Gateway AntiVirus to scan the traffic through the policy, and you enable APT Blocker for the policy, the traffic is also scanned by APT Blocker.
Only files that have been scanned and processed as clean by Gateway AntiVirus are scanned by APT Blocker. APT Blocker scans compatible file types if they are enabled in the Gateway AntiVirus configuration.
APT Blocker and Reputation Enabled Defense (RED)
WatchGuard RED uses a cloud-based WatchGuard reputation server that assigns a reputation score between 1 and 100 to every URL source.
When APT Blocker detects a threat, this information is shared with the WatchGuard Reputation server as virus statistics for the source.
For more information on RED, see Configure Reputation Enabled Defense.
APT Blocker and WebBlocker
An important defense against advanced malware is to detect botnet activity and any command and control traffic from inside your network to external servers.
WebBlocker uses a database of website addresses (identified by content categories) to allow or block website traffic. WatchGuard recommends that you configure the WebBlocker service to block traffic for these security URL categories to detect and prevent this type of activity:
- Malicious Websites
- Phishing and Other Frauds
- Potentially Unwanted Software
- Bot Networks
- Malicious Embedded Link
- Malicious Embedded iFrame
- Suspicious Embedded Link
- Mobile Malware
- Advanced Malware Command and Control
- Elevated Exposure
- Emerging Exploits
- Potentially Damaging Content
- Dynamic DNS
For more information, see About WebBlocker.