I have a basic firewall policy set up with the default LAN_TO_WAN IPS policy enabled. I have downloaded a few different versions of the the standard EICAR test string and these appear in the firewall log under malware but they appear to make it through the firewall and get picked up by Windows Defender on the PC.
Log entries below:
2017-05-24 19:33:26
HTTP
joneda1
192.168.0.10 :64641
213.211.198.62 :80
EICAR-AV-Test
08001
Open PCAP
2017-05-24 19:33:21
HTTP
joneda1
192.168.0.10 :64640
213.211.198.62 :80
EICAR-AV-Test
08001
Open PCAP
2017-05-24 19:33:11
HTTP
joneda1
192.168.0.10 :64628
213.211.198.62 :80
EICAR-AV-Test
08001
Open PCAP
2017-05-24 19:32:53
HTTP
joneda1
192.168.0.10 :64617
213.211.198.62 :80
EICAR-AV-Test
08001
Open PCAP
I'm relatively new to this type of firewall so am I missing something simple here? How do I get the firewall to actually block the traffic?
This thread was automatically locked due to age.
