
Web Filtering "Warned File Extensions" not working

Client is on a SG115 UTM version 9.408-4.  Set up Web Filtering Default Policy to Warn for all File Extensions (just like most all other SG UTMs we set up).  We are having an interesting problem.  When the "Content Warning" page comes up, the "Site" URL doesn't match the actual URL that the customer is going to.  See Screen Shot for example.

 

In this instance, customer is trying to download Mozilla Firefox, but as you can see, if you hit GO... it downloads CCleaner.  I tested this and it doesn't matter what you are trying to download on any website, it always shows that URL and if you hit GO it always downloads the CCleaner exe.



  • You need to study the web logs.  Assuming that Mozilla is fully converted to https, that also means enabling https inspection.   It appears that malware is redirecting your traffic.

    You could experiment by changing from warn to block, to see if UTM behaves differently. I would be loath to

  • Sorry about the spelling mistakes in the previous reply.  It was sent from my cell phone.   Trying again:

    You need to study the web logs.  Assuming that Mozilla is fully converted to https, that also means enabling https inspection.   It appears that malware is redirecting your traffic.

    You could experiment by changing from warn to block, to see if UTM behaves differently. I would be loath to actually allow the download.   It should certainly be deleted after download if you allow it.

  • Thanks for the response....

     

    This actually ended up being an issue with the HTML template.  Someone had edited the default SOPHOS template and accidentally left a line of code that prefilled the URL.  I updated the template and now everything is working as it should.