
Sophos XG Home and malware detection

I have migrated the settings of my (now end-of-life) Cyberoam device to a Protectli FW4B that is running Sophos Firewall XG Home Edition, latest version.

Initially I was quite happy, but then I tried the EICAR.ORG test files, and those test viruses were not detected, as opposed to the Cyberoam device, which immediately shows an alert message.

Probably, this is one of the cases where the error is just between the chair and the screen :). So, what did I overlook/forget/screw up?

There are no entries in the malware log, the firewall log just shows "allowed" for the web access, and the firewall rule contains HTTP scanning (see image below).

with best regards



  • Sorry about the typos - my iPad tries to autocorrect the text, but uses the German dictionary. Also, I can't find a button to edit a post after having sent it.

    Best regards

    Volker

    With best regards

    Volker

    This message was written using a smartphone, that might explain the typos and the weird words inserted by autocorrect..


    Protectli FW4B, Sophos Firewall XG Home Edition SFVH (SFOS 18.5.1 MR-1-Build326)

  • Are you doing TLS Decryption?

    Right now on the EICAR page you're only able to download the test files through HTTPS; in order for the firewall to scan the encrypted traffic, it needs to decrypt it first.

    If you download the EICAR file through an HTTP (plain-text) connection (on another website), the firewall will catch and block it; if not, please report here.


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
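A client-side check for the point made in the reply above, as an added example that is not part of the original thread and is not Sophos code: it reads the issuer of the certificate that a client behind the firewall receives for a host and reports whether the session was re-signed by the firewall's inspection CA (decrypted, so scannable) or passed through untouched. The CA name `Example-Firewall-Inspection-CA`, the function names and the sample certificates are constructed placeholders.

```python
import socket
import ssl
import sys

# Placeholder (assumption): common name of your firewall's TLS-inspection CA.
INSPECTION_CA_NAMES = {"Example-Firewall-Inspection-CA"}

# Constructed samples in the shape returned by SSLSocket.getpeercert().
SAMPLE_INSPECTED = {"issuer": ((("commonName", "Example-Firewall-Inspection-CA"),),)}
SAMPLE_PASSTHROUGH = {"issuer": ((("organizationName", "Constructed Public CA"),),
                                 (("commonName", "Constructed Public CA R1"),))}


def issuer_names(cert):
    """Collect the issuer's commonName and organizationName values."""
    return {value for rdn in cert.get("issuer", ())
            for key, value in rdn
            if key in ("commonName", "organizationName")}


def is_inspected(cert, ca_names=INSPECTION_CA_NAMES):
    """True if the certificate the client saw was issued by the inspection CA."""
    # False: the origin's own certificate arrived, so the session was not
    # decrypted (no decryption rule, or an exclusion matched) and the
    # firewall's malware scanner never saw the download.
    return bool(issuer_names(cert) & set(ca_names))


def probe(host, port=443, extra_cafile=None, timeout=5.0):
    """Connect from a client behind the firewall and classify the session."""
    ctx = ssl.create_default_context()
    if extra_cafile:  # firewall CA exported as PEM, if not in the system store
        ctx.load_verify_locations(cafile=extra_cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Typical when the inspection CA is not trusted by this client.
        return f"{host}: certificate not trusted ({exc.verify_message})"
    state = "decrypted by firewall" if is_inspected(cert) else "NOT decrypted"
    return f"{host}: {state}, issuer={sorted(issuer_names(cert))}"


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(probe(target))
    if len(sys.argv) == 1:  # offline demo on the constructed samples
        print(is_inspected(SAMPLE_INSPECTED), is_inspected(SAMPLE_PASSTHROUGH))
```

Run it with one or more hostnames from a machine behind the firewall; a host that reports "NOT decrypted" is one whose HTTPS downloads the firewall cannot scan.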

  • Where would I turn on that TLS decryption? Obviously, my Cyberoam box does this, and I migrated the Cyberoam settings. Which buttons do I have to press?

    Thanks for the very quick response!

    Volker




  • Thanks again. I had TLS decryption turned on (that's good), but there is an exclusion rule present (that's bad), which I did not create. Going to RTFM :)

     with best regards from Germany

    Volker


  • Reading TFM is not really a problem for me, but Finding TFM sure is :). Anyhow, your link did help and I am now on my way … to the next roadblock!

    With best regards

    Volker
