
Web Filter Antivirus Scanning

Not sure if I am expecting too much. The AV option of XG in Web Protection / Web Content Filter. My machine is set to have HTTP and HTTPS scanned for all sites; should it pick up websites with viruses in them and block them? Just wondered, as I had a spoofing Apple email asking me to complete my details. I like to go to the sites and fill out rubbish and a few nasty words for my own enjoyment, and the web site had some virus on it. My PC picked it up and blocked it, so not massively concerned. Just wondered if it should be picking it up; do I need to be using proxy for it to work? I have a general rule that allows internet from the LAN for all machines and is set to scan HTTP and HTTPS. Any site that doesn't like the HTTPS scan gets a rule added higher up that excludes it from this, but this site is most definitely not in the list.

Just wondered if it should have worked and blocked it?



This thread was automatically locked due to age.
  • Hi Nicholas,

    Security Policies are security rule-sets to implement control over users, applications or network objects in an organization. Using Security Policies, you can create blanket or specialized traffic transit rules based on the requirement. Policies provide centralized management for the entire set of device security policies. You can implement Web Protection on the relevant User/Network Rule.

    You can refer to a similar post on our community to understand this further. Please refer to the link:

    community.sophos.com/.../74073

    Hope that helps.

    Thanks

    Sachin Gurung

    Team Lead | Sophos Technical Support

  • No, sorry, my question was maybe more basic than that. With HTTP scanning and HTTPS scanning enabled, should I be able to browse through to an infected web site so that the local AV solution on my PC alerts and removes the virus?

  • In the Firewall rule if you have Malware scanning turned on for HTTP and HTTPS you should have been blocked.

    Also go to Protection, Web Protection, Web Content Filter, HTTP/HTTPS Configurations.  Files larger than the threshold are not scanned.  Batch scanning gives better blocks than Real-time and should be used if you are having issues.

    The best way to test is using this file which is benign but will trigger a detection in all AV products:

    http://www.eicar.org/85-0-Download.html

    If you are still having issues, please also go to Diagnostics, Log Viewer, Malware and let us know if anything was logged.
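
Added example, not part of the original reply: a small Python check, run from a client behind the firewall, that fetches test-file URLs you supply (one over HTTP, one over HTTPS) and reports whether the EICAR content reached the client. The function names, result labels and the `scan_limit_bytes` parameter are assumptions made for illustration; set `scan_limit_bytes` to the file-size threshold configured on your device if you want oversize downloads reported separately.

```python
import sys
import urllib.error
import urllib.request

# Marker text contained in the standard EICAR anti-virus test file.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"


def verdict(status, body, scan_limit_bytes=None):
    """Classify one download attempt made through the web filter."""
    if EICAR_MARKER in body:
        # The test content reached the client. If the download is larger than
        # the configured scan threshold, that is expected: it was not scanned.
        if scan_limit_bytes is not None and len(body) > scan_limit_bytes:
            return "delivered-oversize"
        return "delivered"
    # Error status, block page, or some other body without the test content.
    return "not-delivered"


def probe(url, scan_limit_bytes=None, timeout=15):
    """Fetch url and return a verdict string."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return verdict(resp.status, resp.read(), scan_limit_bytes)
    except urllib.error.HTTPError as err:
        # 4xx/5xx replies still carry a body (for example a block page).
        return verdict(err.code, err.read(), scan_limit_bytes)
    except (urllib.error.URLError, OSError):
        # Reset, timeout or TLS failure. For HTTPS this also happens when
        # Python does not trust the CA the firewall uses for HTTPS scanning.
        return "connection-failed"


if __name__ == "__main__":
    # Usage: python eicar_check.py <http-url> <https-url>
    for target in sys.argv[1:]:
        print(f"{target}: {probe(target)}")
```

A `delivered` result over either protocol means scanning did not stop the file on that path; compare it with what Log Viewer, Malware shows for the same request.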

  • Excellent, thank you. Have upgraded to MR2 and just tested this now, nothing on my PCs at all so working well. I cannot try the other link as it has been taken down now, so will carry on monitoring and let you know if anything else comes up.

    Also, I changed the Batch Scanning to real time as this really helped with streaming services like Amazon and NowTV.