Not blocking Test Virus at all

Not sure what is going on but my XG v18 sr5 is not blocking any AV test viruses. Most all other blocks in policies etc. work fine. I have everything selected in the AV settings, using dual realtime, tried changing it, nothing, nothing in log. My PC AV reports on it and cleans.

Anyone else having this issue? System completely updated and today is 6/16/2021



This thread was automatically locked due to age.
  • Hello,

    Are those samples being downloaded through TLS? If they are, you will need to create a new TLS Inspection Policy in order to decrypt the traffic.

    Without doing this the Firewall won't be able to inspect the SSL/TLS Encrypted connection for Malware/PUA.

    Also, can you try downloading an Eicar sample to see if it triggers the Block message? Download through both HTTP and HTTPS.

    Lastly, can you send a picture of your Firewall Rule?

    Thanks!

  • Yeah, I think you're right. I went to the sophostest page and went to the Eicar section. First my PC software blocked the page, I bypassed it and then the Sophos XG prevented it. But when I go to the Eicar.ORG page, which is SSL, it does not block it. I thought I had HTTPS decryption enabled.

  • I was fooled by the TLS at first: a Firewall Rule can say to do it, but that just refers things to the TLS Rules and if one of the TLS Rules doesn't explicitly cause something to be decrypted -- i.e. you fall off the end of the TLS Rules -- it won't be decrypted. So you also need to have a TLS Rule in place.
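
A client-side check for the situation in this thread, as an added example that is not part of any poster's reply and not Sophos code: it looks at who issued the certificate the client receives (the firewall's signing CA when a TLS rule decrypted the connection, the site's public CA when it did not) and whether the EICAR marker still arrived. The CA name and the two sample certificates are constructed placeholders; pass your own firewall's signing CA name and test URL on the command line.

```python
import socket
import ssl
import sys
import urllib.error
import urllib.request

EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # substring of the test file only
# Constructed samples in the shape ssl.getpeercert() returns (placeholder CA names).
SAMPLE_DIRECT = {"issuer": ((("organizationName", "Public CA Inc"),), (("commonName", "Public CA R1"),))}
SAMPLE_INSPECTED = {"issuer": ((("commonName", "Example-Firewall-SSL-CA"),),)}

def issuer_fields(cert):
    """Flatten the 'issuer' tuple from ssl.getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def is_decrypted(cert, inspection_ca):
    """True if the certificate was issued by the firewall's signing CA."""
    needle = inspection_ca.lower()
    return any(needle in v.lower() for v in issuer_fields(cert).values())

def verdict(cert, body, inspection_ca):
    """Classify one HTTPS download attempt as seen from the client."""
    if not is_decrypted(cert, inspection_ca):
        return "not decrypted: no TLS rule matched, gateway AV never saw the file"
    if EICAR_MARKER in body:
        return "decrypted, but the sample still arrived: check malware scanning on the rule"
    return "decrypted and blocked"

def fetch_cert(host, port=443, timeout=5):
    """Return the verified server certificate the client actually receives."""
    ctx = ssl.create_default_context()  # raises if the firewall CA is not trusted locally
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def fetch_body(url, timeout=5):
    """Return the response body, including a block page sent with an error status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        return err.read()

if __name__ == "__main__":
    # usage: check.py <host> <https-url-of-test-file> <firewall-signing-CA-name>
    host, url, ca_name = sys.argv[1:4]
    print(verdict(fetch_cert(host), fetch_body(url), ca_name))
```
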
