Is 'Virus Blocker' not intercepting ssl inspected https traffic?

This topic is closed.
  • Is 'Virus Blocker' not intercepting ssl inspected https traffic?

    I've added an explicit ssl inspect rule for eicar.org and according to the log it's being ssl inspected successfully. And I would have expected the virus blocker to intercept the "virus" being downloaded, but it doesn't. Shouldn't it do that? Or am I doing something wrong?

    If not, then what's the point of the virus blocker? I mean more than 80% of my internet traffic is ssl.

    /Peter

  • #2
    Originally posted by bndt206
    I've added an explicit ssl inspect rule for eicar.org and according to the log it's being ssl inspected successfully.

    /Peter
    Should definitely be inspected! Once successfully intercepted, traffic is similar to standard HTTP traffic for the apps...

    Make sure that
    • interception is working for the related device (inspection activated in the correct policy, device assigned to the related policy)
    • no rule is blocking "traffic other than SSL on port 443" (rule is listed in Application Control by default). Because after the interception, traffic is detected as standard HTTP traffic on port 443.
    • the rule for inspecting eicar.org is correctly written in the SSL Inspection App. You should use a wildcard (*eicar.org*) since the HTTPS files are stored on "secure.eicar.org"
    • Virus Blocker is enabled to scan HTTP, scan engines and the related file extensions (ZIP / COM) are enabled
