Hi
I just want to bring to SOPHOS attention a problem I face when reading up on Threats and ensuring different layers protection is either updated correctly or if manual configuraiton is needed.
I use this as example as it is reported by Both SOPHOS and TREND MICRO.
1) Trojan horse designed to steal your photos | Naked Security
2) HTTPS, SSL No Match for PASSTEAL Malware | Security Intelligence Blog | Trend Micro
For Trend Micro
1) I know the End Point would detect it. Great.
2) I know the Smart Protection Network would block connection to those knowl malicious FTP Server. Great ! Defence In Depth, if really infected, another layer would block the transmission etc.
For SOPHOS
1) I know the End Point would detect. Great>
2) I do NOT know if the Intrusion Prevention System would detect and block these knowm malicious communication to malicious host.
3) I thought about the Content Protection whereby it has catagory for Malicious Sites, it has this fancy button Block Communications of Spyware etc. But to my understanding, it does not apply to FTP.
4) I did enable FTP proxy but the Antivirus would not report anything as the picture files is not malicious.
5) Yes I noted the point about disable FTP Completely but that is kind of too drastic - I would say even if I want to do this, would take sometime to iron out as you never known when something somewhere needs it.
By the way - How can I allow FTP Download ONLY and NOT Upload?
Anyway main thing now is I am trying to get SOPHOS when they advice people, it would be good that they also advice people who is using UTM
1) Using which Updates ***X would detect and block etc.
2) Advice what additional configuration we need to add manually if necessary (Ideally your up2date add it would be good) just like how they add those Web Proxy Exceptions.
This thread was automatically locked due to age.
