  1. #1
    Newbie
    Join Date
    Dec 2020
    Posts
    14

    Is 'Virus Blocker' not intercepting ssl inspected https traffic?

    I've added an explicit ssl inspect rule for eicar.org and according to the log it's being ssl inspected successfully. And I would have expected the virus blocker to intercept the "virus" being downloaded, but it doesn't. Shouldn't it do that? Or am I doing something wrong?

    If not, then what's the point of the virus blocker? I mean more than 80% of my internet traffic is ssl.

    /Peter

  2. #2
    Untanglit
    Join Date
    Jun 2020
    Posts
    29

    Originally posted by bndt206:
    "I've added an explicit ssl inspect rule for eicar.org and according to the log it's being ssl inspected successfully.

    /Peter"

    Should definitely be inspected! Once successfully intercepted, traffic is similar to standard HTTP traffic for the apps...

    Make sure that
    • interception is working for the related device (inspection activated in the correct policy, device assigned to the related policy)
    • no rule is blocking "traffic other than SSL on port 443" (rule is listed in Application Control by default). Because after the interception, traffic is detected as standard HTTP traffic on port 443.
    • the rule for inspecting eicar.org is correctly written in the SSL Inspection App. You should use a wildcard (*eicar.org*) since the HTTPS files are stored on "secure.eicar.org".
    • Virus Blocker is enabled to scan HTTP, scan engines and the related file extensions (ZIP / COM) are enabled
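
The hostname-matching point in the reply above, as an added example that is not part of the original thread or the product's own code: it shows which TLS server names an inspect rule covers for three rule values. It assumes the rule value is compared to the server name as a shell-style glob (Python's `fnmatch` stands in for that), and the host list, the `inspect`/`ignore` action names and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumption: the rule value is matched against the TLS server name (SNI)
# with shell-style globs; fnmatch is used here as a stand-in for that logic.

def matches(pattern: str, sni: str) -> bool:
    """Case-insensitive glob match of a rule pattern against a server name."""
    return fnmatchcase(sni.lower(), pattern.lower())

def first_action(rules, sni, default="ignore"):
    """Walk the rule list top-down and return the first matching action;
    fall back to the default action when no rule matches."""
    for pattern, action in rules:
        if matches(pattern, sni):
            return action
    return default

# Constructed sample server names, including one unrelated domain that
# merely contains the string "eicar.org".
HOSTS = [
    "eicar.org",
    "www.eicar.org",
    "secure.eicar.org",
    "eicar.org.example.net",
    "example.com",
]

def coverage(pattern: str) -> dict:
    """Map each sample host to the action a single inspect rule yields."""
    return {host: first_action([(pattern, "inspect")], host) for host in HOSTS}

if __name__ == "__main__":
    for pattern in ("eicar.org", "*.eicar.org", "*eicar.org*"):
        print(f"rule value: {pattern}")
        for host, action in coverage(pattern).items():
            print(f"  {host:24} {action}")
```

Under these assumptions a rule written as `eicar.org` leaves `secure.eicar.org` uninspected, so Virus Blocker never sees the download, while `*eicar.org*` covers it but also inspects any other hostname containing that string.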
