ESET file was blocked

Hi,

I found that UTM9 blocks NOD32 from downloading a "XXXX.dll.nup" file.

Because of this, I added the following settings.

A) At Web Filter Profiles | Filter Actions | Warned file extensions, I added "nup".

B) At Filtering Options, I added a new Exception List:

1) ^https?://([A-Za-z0-9.-]*\.)?eset\.com
2) click all skip checks

Unfortunately, the file still does not download from NOD32.

Can anyone help me?

Thanks a lot!



  • Start the Web Filtering Live Log and try to download the file.  Copy the relevant line here.

    Cheers - Bob
    PS Moving this to the Web Protection forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    The following is the Live Log entry for it:

    2018:08:25-10:09:53 XXXXXX httpproxy[30993]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.77.192.159" dstip="91.228.166.88" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda2db000" url="91.228.166.88/.../em002_64_l1.dll.nup" referer="" error="" authtime="0" dnstime="0" cattime="109" avscantime="1523" fullreqtime="115519404" device="0" auth="0" ua="EES Update (Windows; U; 64bit; BPC 6.6.2086.1; OS: 6.1.7601 SP 1.0 NT; TDB 37939; CL 1.0.0; x64c; APP ees; ASP 0.0; FW 0.0; PX 0; PUA 0; CD 1; RA 0; HWF: 0100DD41-3E3F-4E90-9B0C-F1AA0B70BBB1; PLOC zh_tw; PCODE 111.0.0; PAR 0; ATH -1; DC 0; PLID 3AC-GUG-36A" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" content-type="application/octet-stream"

    If I stop the web protection, this file can be downloaded.

    Thanks a lot!

    Perry

  • fullreqtime="115519404"

    Some web servers have a problem with the slight delay caused by antivirus.  First, try an Exception for Antivirus for 91.228.166.88.  If that doesn't work, you'll need to skip the Proxy for it.  This is done differently when using Standard mode instead of Transparent.

    Cheers - Bob

     
  • Thanks Bob,

    After I switched from Transparent mode to Standard mode, the ESET file can be downloaded now.

    Basically, what's the difference between Transparent mode and Standard mode? Do you have any documentation related to it?

    Thanks a lot!

  • Unless you modified the Proxy Settings in your browser, selecting Standard mode effectively disabled Web Filtering.  Look at the online Help for this.  The other information out there is beyond your experience with WebAdmin at present.

    Cheers - Bob

     
  • IC,

    How do I set an Exception for this IP, 91.228.166.88, or fully trust this IP? Could you please give me more information? Thanks.

  • In Transparent Mode, this is done in WebAdmin.  On the 'Misc' tab of 'Web Protection >> Filtering Options', add a Host definition for 91.228.166.88 to 'Skip Transparent Mode Destination Hosts/Nets'.

    Cheers - Bob

     
  • Hi Bob,

    First of all, thanks a lot!

    If I know an ESET IP range is from 91.228.165.1 to 91.228.167.255, how can I trust this range in the firewall?

    Could you give me any ideas?

    Thanks!

  • Hi Perry,

    You can create an object with the type Range.

    There you can add your IP address range.

    Best Regards
    DKKDG

  • DKKDG, the Range definition in UTM is very inefficient because of how the configuration daemon translates the definition into the code that runs the UTM.  I don't know the details, but that was mentioned to me at some point in time by one of the developers not long after Range objects were added to WebAdmin.

    In this case, the CIDR range, 91.228.165.0/24, used in a standard Network definition is the preferred solution.

    Cheers - Bob

     
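Added example (not part of the original thread and not Sophos code): a Python check that parses the Live Log entry posted above, tests the exception regex from the first post against the logged URL, and converts the 91.228.165.1 to 91.228.167.255 range into exact CIDR networks so a skip list stays no wider than intended. The function names are hypothetical, and "http://" is prepended to the URL as an assumption because the forum shows it without a scheme.

```python
import ipaddress
import re

# Constructed sample: the thread's Live Log entry cut down to the fields used
# here (the elided "/.../" path is kept exactly as posted).
LOG_LINE = ('2018:08:25-10:09:53 XXXXXX httpproxy[30993]: name="http access" '
            'action="pass" method="GET" srcip="10.77.192.159" '
            'dstip="91.228.166.88" statuscode="200" '
            'url="91.228.166.88/.../em002_64_l1.dll.nup" avscantime="1523" '
            'fullreqtime="115519404" exceptions="" category="9998"')

EXCEPTION_REGEX = r'^https?://([A-Za-z0-9.-]*\.)?eset\.com'  # from the first post


def parse_fields(line):
    """Return the key="value" pairs of one httpproxy log line as a dict."""
    return dict(re.findall(r'([\w-]+)="([^"]*)"', line))


def exception_applies(fields, pattern=EXCEPTION_REGEX):
    """True if the exception regex matches the logged URL.

    Assumption: the forum shows the URL without its scheme, so "http://" is
    prepended before matching when none is present.
    """
    url = fields["url"]
    if not re.match(r'^https?://', url):
        url = "http://" + url
    return re.search(pattern, url) is not None


def range_to_cidrs(first, last):
    """Exact list of CIDR networks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def covered(ip, networks):
    """True if ip lies inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(str(n)) for n in networks)


if __name__ == "__main__":
    f = parse_fields(LOG_LINE)
    print("exceptions logged:", repr(f["exceptions"]))
    print("regex matches URL:", exception_applies(f))
    cidrs = range_to_cidrs("91.228.165.1", "91.228.167.255")
    print("range as CIDR:", ", ".join(map(str, cidrs)))
    print("dstip covered:", covered(f["dstip"], cidrs))
```

The update client requested the file by IP address, so a hostname-based exception has nothing to match, which agrees with the empty exceptions="" field in the log entry.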