Patient Zero Protection provides advanced malware protection from the following:
- Suspicious objects that have been sent to Virtual Analyzer for sandbox analysis.
- Suspicious URLs that have been sent to T-Zero cloud service for Dynamic URL Scanning.
If Patient Zero Protection is enabled, Deep Discovery Web
Inspector temporarily
holds the suspicious object or URL while analysis is performed. Once analysis is complete,
depending on the outcome of the analysis, the appropriate action is taken. Deep Discovery Web
Inspector delivers the object to the
endpoint, or forwards the web request to the destination server, if it is riskless.
If sandbox
analysis or Dynamic URL Scanning determines that the risk level for that object is
low,
medium, or high, the malicious object is blocked or monitored, according to the actions
configured for the policy that triggered the analysis.