We had a Cyberoam running Sophos XG that updated its AV definitions last night. Today this client couldn't bring up most websites, or they would partially load with bad formatting after multiple attempts. We were able to work around it by disabling the filters and scanning on the LAN to WAN rules.
Digging into this further, we noticed that the malware logs were filled with these entries.
URL: http://g68.p4.webrootcloudav.com/arm.asp - 08001
We run Webroot on the endpoints for protection. The 08001 means "The URL has been blocked as it contained a virus."
From what I can gather, the Sophos XG AV signatures are blocking the requests from the Webroot web shield, resulting in the website not loading or loading incorrectly.
Has anybody seen anything similar?