
Exec Report - HTTP/S Malware blocked

Hi 

Using UTM 9.502.

I receive the daily executive report from the UTM and for the last few days have seen an item "HTTP/S Malware blocked  59". Where can I find information on which user and sites this occurred on? The web reports only show virus downloaders and some other... can't seem to find this specifically.

 

Regards

Sean



  • Has anyone figured this out? I've seen this in my last three weekly Executive Reports where every previous report had a "0" value for HTTP/S Malware blocked. I would really like to know what was blocked and who is doing what to produce these results...

    Screenshots of the first to most recent report:

    I'm on 9.502-4 currently.

    The community has another user who posted with the same issue last year that went nowhere: https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/78396/http-s-malware-blocked-47-where-can-i-find-in-logs-info-about-this

  • Hi,

    I found it in the logging and reporting - Web Protection. If you set the available reports drop down to "Categories", then search through the results and find "Malicious Sites".

  • I saw that but am not certain that it corresponds to what the Executive Report defines as "HTTP/S Malware blocked".  My Executive Report for last week says 10 items were blocked.  According to the "Malicious Sites" category I had just 2 requests last week.

    The Executive Report before that said 25 items were blocked.  The "Malicious Sites" Category says 31 requests...

  • I check mine daily (have a daily exec report running), and the numbers always tally up correctly. 

    Are you sure your date range matches (start and end dates) between your Exec report and the online query?

  • "Malicious Sites" are those blocked because they are categorized like that, not because AV detected malware.

    On the 'Web Usage Reports' tab, select "URLs" at the top-right, click on the green + at top-left and select "Info virus."

    Does that show you what you were looking for?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Unfortunately that returns an empty result.

  • Which means that there were no actual virus detections. The Exec Report "HTTPS malware blocked" is reporting on sites where they are categorized as malicious sites. As I said before, I monitor this daily, and the counts on the malicious sites always match 100% to the Exec Report. Have you tried testing this with one day's results only? If your totals don't match, then I guess it stands to reason that besides malicious site access, there might be something else included in the Exec report numbers, but I have never seen this.

    When I originally raised this here, I also logged a support call with Sophos, and they are the ones who told me this is how to see it in the interface (i.e. malicious sites).

  • "Which means that there were no actual virus detections."

    Exactly and I didn't expect that to show anything (no offense BAlfson).

    "When I originally raised this here, I also logged a support call with Sophos, and they are the ones who told me this is how to see it in the interface (i.e. malicious sites)."

    OK that's good info. I don't have mine set up for daily reports since this is for home use but will try that and see how things go.
