Zero-day protection is powered by SophosLabs Intelix, a cloud service that combines machine learning, sandboxing, and research to detect known and unknown threats by analyzing suspicious downloads and email attachments.
This article will guide you how to configure Zero-day Protection feature to help analyze and evaluate suspicious downloads.
2. Network Diagram.
Step 1: Create Firewall Rule to enable Zero-day Protection feature
Go to Rule & Policies > Add Firewall Rule > New Firewall Rule.
Select and fill in the following parameters:
Rule Name: Enter the name you want
Action: select Accept
Source zone: LAN
Source networks and devices: LAN1(IP PC: 192.168.1.10).
Destination Zones: WAN
Destination networks: Any
In Web Policy select Scan HTTP and Decrypted HTTPS and Use Zero-day Protection to use this feature.
Click on Save.
Step 2: Test the Zero-day Protection feature
To test you visit the following website: https://www.wicar.org/
Select CLICK HERE TO TEST YOUR BROWSER AND NETWORK and click on the test files below.
Or you can also visit the website: http://www.rexswain.com/eicar.html
Choose to download the eicar files below.
To check the results on Sophos Firewall select Zero-day Protection > Downloads and Attachments.
The test files all have Malicious status and are Blocked.
With View Report you will have a summary file of detailed information about virus files.