This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exec Report - HTTP/S Malware blocked

Hi 

Using UTM 9.502.

A receive the daily executive report from the utm and for the last few days have seen an item "HTTP/S Malware blocked  59" . Where can I find information on which user and sites this occurred on? The web reports only show virus downloaders and some other... can't seem to find this specifically.

 

Regards

Sean



This thread was automatically locked due to age.
Parents Reply
  • "Malicious Sites" are those blocked because they are categorized like that, not because AV detected malware.

    On the 'Web Usage Reports' tab, select "URLs" at the top-right, click on the green + at top-left and select "Info virus."

    Does that show you what you were looking for?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Unfortunately that returns an empty result.

  • Which means that there were no actual virus detections. The Exec Report "HTTPS malware blocked" is reporting on sites where they are categorized as malicious sites. As i said before, i monitor this daily, and the counts on the malicious sites always match 100% to the Exec Report. Have you tried testing this with one day's results only? If you totals don't match, then I guess it stands to reason that besides malicious site access, there might be something else included in the Exec report numbers, but I have never seen this.

    When i originally raised this here, I also logged a support call with Sophos, and they are the ones who told me it is a how to see it in the interface (i.e. malicious sites)

  • Which means that there were no actual virus detections.

    Exactly and I didn't expect that to show anything (no offense BAlfson).

    When i originally raised this here, I also logged a support call with Sophos, and they are the ones who told me it is a how to see it in the interface (i.e. malicious sites)

    OK that's good info.  I don't have mine setup for daily reports since this is for home use but will try that and see how things go.