Zero-day Protection combines several analysis techniques to determine whether a file is likely to be malicious. This gives you more information and helps reduce false positive detections. Use these results to determine the level of risk posed to your network if you release these files.
This article shows how to configure the Zero-day Protection feature to analyze and evaluate suspicious downloads.
Step 1: Create a firewall rule to enable the Zero-day Protection feature
Go to Rule & Policies > Add Firewall Rule > New Firewall Rule.
Select and fill in the following parameters:
Rule Name: Enter the name you want
Action: select Accept
Source zone: LAN
Source networks and devices: LAN1 (PC IP: 192.168.1.10)
Destination Zones: WAN
Destination networks: Any
Under Web Policy, select Scan HTTP and Decrypted HTTPS and Use Zero-day Protection to enable this feature.
Click on Save.
Step 2: Test the Zero-day Protection feature
To test, visit the following website from the PC covered by the rule: https://www.wicar.org/
Select CLICK HERE TO TEST YOUR BROWSER AND NETWORK and click the test files listed below it.
Alternatively, visit the website: http://www.rexswain.com/eicar.html
Download the EICAR files listed on that page.
To check the results on Sophos Firewall, go to Zero-day Protection > Downloads and Attachments.
The test files are shown with the status Malicious and are Blocked.
Click View Report to get a summary report with detailed information about each detected file.
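To repeat the Step 2 check from the command line on the LAN PC, the following added example (not part of the original article or of Sophos tooling) downloads a test file URL you pass as an argument and reports whether the EICAR test file arrived intact. The function names and verdict strings are illustrative assumptions; the EICAR check follows the public definition of the test file (68-byte string, optional trailing whitespace, at most 128 bytes).

```python
import sys
import urllib.error
import urllib.request

# The 68-byte EICAR test string, split so this script is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-"
         + "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
EICAR_PAD = b" \t\r\n\x1a"  # trailing bytes the EICAR definition allows
EICAR_MAX = 128             # maximum size of a valid EICAR test file


def is_eicar(data: bytes) -> bool:
    """True if data is a valid EICAR test file (string plus optional padding)."""
    if len(data) > EICAR_MAX or not data.startswith(EICAR):
        return False
    return all(b in EICAR_PAD for b in data[len(EICAR):])


def verdict(data) -> str:
    """Classify what the client received; None means no body was received."""
    if data is None:
        return "NOT DELIVERED: connection refused, reset or TLS failure"
    if is_eicar(data):
        return "DELIVERED: test file arrived intact, the firewall did not block it"
    return "NOT DELIVERED: body is not the test file (for example a block page)"


def fetch(url: str, timeout: float = 15.0):
    """Download url and return the first bytes of the body, or None on failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(4096)
    except urllib.error.HTTPError as err:  # error status that still has a body
        return err.read(4096)
    except (urllib.error.URLError, OSError):
        return None


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_download.py <url-of-test-file>")
    print(verdict(fetch(sys.argv[1])))
```

A NOT DELIVERED result should match a Blocked entry under Zero-day Protection > Downloads and Attachments; a DELIVERED result means the request did not match the rule or scanning was not applied to it.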