Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 586 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can we enable http virus scanning without decrypting https?

Yuss Ruo

Hi All,

Greatings, may we know if we can enable http virus scanning without decrypting https? As we can check from the screenshot, there is no way for us to do http scanning without decrypting https.



This thread was automatically locked due to age.
Parents
  • +1

    Hello Yuss Ruo,

    excuse my chiming in, I'm an XG illiterate but the subject drew my attention.

    Do I understand correctly that you are aware that without decrypting you can't scan HTTPS traffic, but you don't want to completely forgo virus scanning, and you are content with scanning only plain HTTP?
    If so, why do you think there is no way for [you]t o do http scanning without decrypting https? The option is Scan HTTP and decrypted (not decrypt) HTTPS and the XG help says: This option doesn't turn on HTTPS decryption.

    Christian

  • 0 in reply to QC

    You are correct. Basically this option forwards everything "technically possible to analyze" to the proxy. Means HTTP and (if decrypted "somehow") HTTPS. 

    You can use DPI Engine (SSL/TLS Rules) or the old Proxy on the right, to decrypt the traffic. 

    If you are not decrypt the traffic, basically a EICAR can be downloaded via HTTPs. XG cannot inspect this traffic. 

    See: https://support.sophos.com/support/s/article/KB-000038420?language=en_US

Reply Children
No Data