This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP/S Malware blocked in Weekly Executive Report

We have a UTM v9.355. Last week's weekly executive report showed "HTTP/S Malware blocked" at "1". We would like to know what malware (and from what internal computer) was blocked but have been unable to locate a log or any further information. An unanswered thread in June 2008 (https://community.sophos.com/products/unified-threat-management/f/55/t/43714) asked this question.

We searched the Web Filter logs for the past month but were unable to find any reliable results. We downloaded the EICAR test virus, which triggered event id 0056 ("web request blocked, virus detected") in the web filter log. Searching this event id gave no results. We tried nearby identifiers (e.g., 0054, 0055) without any success



This thread was automatically locked due to age.
Parents Reply Children
  • Hello

     

    I've also seen "HTTP/S Malware" in my Daily Executive report a few times but cannot seem to find any details on it via Logging & Reporting.

     

    We use iView and I can't see any Virus' for those days either.

     

    Did anyone find a solution to being able to see further information on the Malware?

    Using UTM 9.509-3

     

    Many thanks

  • Hello

     

    I've found the location:

    > Go to Logging & Reporting

    > Web Protection

    > Under the "Available Reports" drop down menu (top right), select "Categories"

    > Select the date range to search

    > Sort the Categories by Name (or just scroll down the list and look for "Malicious Sites")

    > Now you can select different views (e.g. Users, URLs etc.)

     

    Many thanks