When creating a custom malware detection profile in Netskope, the primary method of customization beyond selecting detection engines is to add organization-specific intelligence. This is accomplished by using custom file hash lists. A blocklist (also known as a blacklist) contains hashes of files known to be malicious, ensuring they are always blocked. An allowlist (or whitelist) contains hashes of known-good files, such as proprietary internal applications, to prevent false positives. Both are distinct and fundamental components that can be added to a malware detection profile to tailor its detection logic, making them key requirements for this task.

B. Add a quarantine profile.

A quarantine profile is only required if you choose "Quarantine" as a response action. A custom detection profile can be created to use other actions like "Alert" or "Block," which do not require it.

C. Add a remediation profile.

"Remediation profile" is not a standard, configurable object within the Netskope Threat Protection module. Remediation actions (like block, quarantine, alert) are configured directly within the policy or detection profile.

1. Netskope Official Documentation

"Threat Protection": In the Netskope UI and corresponding help documentation

the configuration for a new Malware Detection Profile is located under Policies > Threat Protection > Malware Detection. The creation wizard explicitly provides separate sections to add "Allowlist" and "Blocklist" file hash lists. This demonstrates that both are distinct

expected components for customizing a profile.

2. Netskope Official Documentation

"Create a Malware Detection Profile": The documentation outlines the steps for creating a profile. It specifies that under the "File Hashes" section

an administrator can select pre-configured hash lists for both the Allowlist and Blocklist. This confirms that preparing these lists is a key part of the customization process. The documentation also shows that selecting a "Quarantine Profile" is an optional "On-Detection" action

not a mandatory requirement for creating the profile itself.