How to Block JS/FakeAle-SG or Any Virus?

Hi Navar,

DO you have sandstorm enabled ? Let us know if the file was indeed downloaded through XG firewall.

JS/FakeAle-SG is showing in the XG log viewer and XG custom reports.

Neither tell if JS/FakeAle-SG was blocked.

Sandstorm is a pay subscription and if XG sandstorm is anything like Sophos Email Appliance sandstorm then is it really not worth the subscription cost.

I just want to know if XG is blocking URLs that log with JS/FakeAle-SG or any other URLs that tags with a virus.

I have been going around and around with support and forum threads and I am un-able to get an answer to my simple question.

How do I know that XG is blocking viruses?

The log viewer doesn't tell you.

Reporting doesn't tell you.

Hi,

to block applications you will need to enable HTTPS scanning which will involve installing certificates on your PCs. If you do not enable the HTPPS scanning the firewall will never see the embedded bad stuff.

You will also need to enable web and application scanning in your firewall rules.

Ian

Hi,

to block applications you will need to enable HTTPS scanning which will involve installing certificates on your PCs. If you do not enable the HTPPS scanning the firewall will never see the embedded bad stuff.

You will also need to enable web and application scanning in your firewall rules.

Ian

Just like support you are not answering my question.

In both log viewer and custom reports I see a virus but what I don't see is was it block?

So back to my question was it blocked or not.

You have been advised how block the virus, but choose to ignore the answers. The virus is not blocked by your current configuration. 

Ian

Finally had a call with support and got the answer to my question.

You have to lookup the Message ID.

For this question I asked "How do I know if XG is blocking a virus that shows in log viewer or a custom report?

The log viewer is the only log that gives you the Message ID.  Custom reports do not include the Message ID or the action.

Message ID 08001 means "The URL has been blocked as it contained a virus"

http://docs.sophos.com/nsg/sophos-firewall/v16057/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/AntiVirusLogs.html