I wasn't sure where else to put this question.
I am using decrypt and scan on the Web Protection side of things. I have the dual AV scanner active.
I downloaded the Eicar file over HTTPS and it was blocked for being a virus. I downloaded it in a .zip and it was blocked. I downloaded the eicarcom2.zip file and it was blocked for "malicious downloads" not "virus infected" which makes me think that the scanner didn't come into effect, only the blacklisting of malicious websites did.
I also downloaded a zipped trojan over NNTPS that Sophos endpoint is capable of detecting and it went through. Does the AV only scan files through the common HTTP/HTTPS protocols? Downloading the Eicar zip rules out that it only scans at a depth of 1. Related question: what depth does the UTM's AV scanner go to?
Thanks for any information provided.
This thread was automatically locked due to age.
