"Malware 'Unscannable' was detected and blocked in a download from cache.lumension.com"
we are getting around 16 hits of this, two or three times a day in the malware log on our XG210.
I have seen a couple of old posts that dont really say if I should make it an exception or block it.
The source IP is our WS1100 and the Dest IP is our ISP.
Wondered if anyone else has come across it recently and had any further information?
Our Sophos WS1100 also reports it, some blocked and some allowed. These are all ospx url links.
Thank you for contacting the Sophos Community.
Checking with labs, the website is categorized as Computing & Internet, and or IT.
Has this issue resurfaced since you opened the thread?
If this still happens and to know if it is a false positive we would need to do a packet capture to submit to Labs, if that website is yours or you know that website you could create an exception in the SWA and XG for not scanning.
Protect >> Web >> Exceptions >> Add
Configuration >> Group Policy >> Local Site List >> Add site
If you want to do the packet capture, please send me a PM, we would need it for both the XG and SWA.
thanks for the reply.
I have also found this link,
would you think this is related to my question?
Thank you for the follow-up.
Yes, I investigate a bit more and it seems Lumension is our Sophos Technology partner for the Patch capability. I am from the Firewall team so not very familiar with endpoint.
So if you could create the exceptions I mentioned it should solve the issue, it does seem like they are false positives.
Also, it is recommended to have the following exception in the SWA and the XG.
Hi, thanks for checking this, I will add these exceptions and get back to you.
after adding the exceptions that you found and monitoring it for the past week, we have had no more log entries for the "Malware unscannable message" for this site so it looks to have been successful.
Thanks for your help with this.
You are welcome! I have sent you a PM if you have 7 seconds to check it I would appreciate it.