Management, Networking, Logging and Reporting Blocked entire "Unclassified Applications"

UTM Firewall requires membership for participation - click to join

Thread Info

Locked Locked
Replies 1 reply
Subscribers 3 subscribers
Views 4740 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocked entire "Unclassified Applications"

LoveMae over 7 years ago

Hi guys,

I just wanna ask help or any suggestions how can I blocked entirely "Unclassified Applications" that eat most of my bandwidth? See reports below:

Any recommendations will be much appreciated. Thank you.

Regards,

Anthony

This thread was automatically locked due to age.

Parents

sachingurung over 7 years ago

Hi Anthony,

There is an open feature request to identify the unclassified traffic reported in UTM. Cast your vote on this http://ideas.sophos.com/forums/133994-utm-application-pattern-requests/suggestions/6629295-identify-unclassified-traffic-in-log-so-that-it-ma .

Alongside, classified apps are based on various parameter, usually unique port(s) used by a particular service or a list of know servers that are utilized. If the UTM doesn't have those definition parameters, because the app uses dynamic/non-unique ports or is constantly changing servers, the app shows as unclassified. Hit the various reports under logging and reporting to find the port(s) used, the remote server address, and the address of your client machine. You can then use a combination of your knowledge of what's installed on your client machine, the data in the reports and logs on the UTM, google searches, and whois lookups/nslookups to possibly track things down one by one.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

sachingurung over 7 years ago

Hi Anthony,

There is an open feature request to identify the unclassified traffic reported in UTM. Cast your vote on this http://ideas.sophos.com/forums/133994-utm-application-pattern-requests/suggestions/6629295-identify-unclassified-traffic-in-log-so-that-it-ma .

Alongside, classified apps are based on various parameter, usually unique port(s) used by a particular service or a list of know servers that are utilized. If the UTM doesn't have those definition parameters, because the app uses dynamic/non-unique ports or is constantly changing servers, the app shows as unclassified. Hit the various reports under logging and reporting to find the port(s) used, the remote server address, and the address of your client machine. You can then use a combination of your knowledge of what's installed on your client machine, the data in the reports and logs on the UTM, google searches, and whois lookups/nslookups to possibly track things down one by one.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data