Hi,
Nowadays there's lot's of malware going through discord, I would like to know why "discordapp[.]com" is on the Managed TLS Exclusion List.
Currently the DPI Engine of v18 is capable of fully decrypting the connection, of course with the XG CA installed on the machine, so It doesn't make sense having it on the exclusion list. Can we at least be able to edit that list?
Here's an example of a malware being sent over discord:
Be careful opening this link, It has been identified as "Troj/Bbindi-W".
https :// cdn [.] discordapp [.] com/attachments/ 14836703273025566/ 714838662537281616/ nexo.exe
Since the domain has on the exclusion list, the malware passed through XG without any issue, there has already a SSL/TLS Decrypt Rule in place over the machine that accessed this domain.
Thanks!
This thread was automatically locked due to age.