This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP/S Malware blocked in Weekly Executive Report

We have a UTM v9.355. Last week's weekly executive report showed "HTTP/S Malware blocked" at "1". We would like to know what malware (and from what internal computer) was blocked but have been unable to locate a log or any further information. An unanswered thread in June 2008 (https://community.sophos.com/products/unified-threat-management/f/55/t/43714) asked this question.

We searched the Web Filter logs for the past month but were unable to find any reliable results. We downloaded the EICAR test virus, which triggered event id 0056 ("web request blocked, virus detected") in the web filter log. Searching this event id gave no results. We tried nearby identifiers (e.g., 0054, 0055) without any success

This thread was automatically locked due to age.

Parents

0 BAlfson over 9 years ago

Check in 'Logging & Reporting >> Web Protection'. Does that do what you need?

Cheers - Bob
2017-02-21: Corrected "Filtering" to "Protection" Thanks to sectorblue's comment below.
Cancel
Vote Up 0 Vote Down

Cancel
0 sectorblue over 9 years ago in reply to BAlfson

We searched last week's Web Filter logs using grep without any results. With 10 million lines, its a literal needle in a haystack. Anything in particular we should use as a keyword (other than "malware")?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to sectorblue

You misunderstood my post above. Look in 'Reporting'.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 sectorblue over 9 years ago in reply to BAlfson

There is not a Web Filter option under Logging & Reporting but there is a Web Protection option. We located the Virus Downloaders report, but that provides an empty result for the past month. We suspect the UTM categorizes a virus different than malware. There is no malware related report that we can find on this screen.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sectorblue over 9 years ago in reply to BAlfson

There is not a Web Filter option under Logging & Reporting but there is a Web Protection option. We located the Virus Downloaders report, but that provides an empty result for the past month. We suspect the UTM categorizes a virus different than malware. There is no malware related report that we can find on this screen.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 mod2402 over 8 years ago in reply to sectorblue

Hi there,

one of my customers ask me the same. I couldn't answer him. I also can't find a report view where malware instead of virus is shown. Only the executive report shows malware hits. The executive report has shown 300 malware hits one day.

Maybe, this is a Bug!?[:O] Since one year?

regards

mod
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to mod2402

Guys, each of you please open a case with Sophos Support. This is some kind of glitch.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 mod2402 over 8 years ago in reply to BAlfson

case is opened in Germany, ID = 7075926
Cancel
Vote Up 0 Vote Down

Cancel
0 gr33ny over 6 years ago in reply to mod2402

Hello

I've also seen "HTTP/S Malware" in my Daily Executive report a few times but cannot seem to find any details on it via Logging & Reporting.

We use iView and I can't see any Virus' for those days either.

Did anyone find a solution to being able to see further information on the Malware?

Using UTM 9.509-3

Many thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 gr33ny over 6 years ago in reply to gr33ny

Hello

I've found the location:

> Go to Logging & Reporting

> Web Protection

> Under the "Available Reports" drop down menu (top right), select "Categories"

> Select the date range to search

> Sort the Categories by Name (or just scroll down the list and look for "Malicious Sites")

> Now you can select different views (e.g. Users, URLs etc.)

Many thanks
Cancel
Vote Up 0 Vote Down

Cancel