Can we enable http virus scanning without decrypting https?

Hello Yuss Ruo,

excuse my chiming in, I'm an XG illiterate but the subject drew my attention.

Do I understand correctly that you are aware that without decrypting you can't scan HTTPS traffic, but you don't want to completely forgo virus scanning, and you are content with scanning only plain HTTP?
If so, why do you think there is no way for [you]t o do http scanning without decrypting https? The option is Scan HTTP and decrypted (not decrypt) HTTPS and the XG help says: This option doesn't turn on HTTPS decryption.

Christian

Hello Yuss Ruo,

excuse my chiming in, I'm an XG illiterate but the subject drew my attention.

Do I understand correctly that you are aware that without decrypting you can't scan HTTPS traffic, but you don't want to completely forgo virus scanning, and you are content with scanning only plain HTTP?
If so, why do you think there is no way for [you]t o do http scanning without decrypting https? The option is Scan HTTP and decrypted (not decrypt) HTTPS and the XG help says: This option doesn't turn on HTTPS decryption.

Christian

You are correct. Basically this option forwards everything "technically possible to analyze" to the proxy. Means HTTP and (if decrypted "somehow") HTTPS. 

You can use DPI Engine (SSL/TLS Rules) or the old Proxy on the right, to decrypt the traffic. 

If you are not decrypt the traffic, basically a EICAR can be downloaded via HTTPs. XG cannot inspect this traffic. 

See: https://support.sophos.com/support/s/article/KB-000038420?language=en_US

Hello QC, 

Noted and tested successfully.

Thanks for response.

Regards,

Yuss