Not blocking Eicar in 3.1.8

cancel
Showing results for 
Search instead for 
Did you mean: 

Not blocking Eicar in 3.1.8

L3 Networker

Since 3.1.8 the PAN do not identificates the Eicar "virus" in all cases. The loading from https://secure.eicar.org/eicarcom2.zip will be possible, but the same file with http://www.eicar.org/download/eicarcom2.zip will be blocked reliably.

3 REPLIES 3

L5 Sessionator

Hi there,

It looks like you couldn't detect EICAR over HTTPS.  Do you have an SSL decryption policy set and enabled?

Not applicable

I would look at the SSL decryption. Tested it plenty of times, worked reliable every time.

michael.schumak schrieb:

I would look at the SSL decryption. Tested it plenty of times, worked reliable every time.

https://secure.eicar.org/eicar_com.zip is blocked. Seems to be a disfunctionality with https and "double-zip". Curiously this morning https://secure.eicar.org/eicarcom2.zip is blocked too.

It is not the first time, i can see an erratic behaviour of the system. In case of doubt, the firewall should normaly block the data stream. I am not sure, if Palo Alto Networks assure that in every case.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!