This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Not blocking Eicar in 3.1.8

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Not blocking Eicar in 3.1.8

mhuels
L3 Networker

‎04-11-2011 06:57 AM

Since 3.1.8 the PAN do not identificates the Eicar "virus" in all cases. The loading from https://secure.eicar.org/eicarcom2.zip will be possible, but the same file with http://www.eicar.org/download/eicarcom2.zip will be blocked reliably.

0 Likes Likes
3 REPLIES 3

dyang
L5 Sessionator

‎04-11-2011 10:39 AM

Hi there,

It looks like you couldn't detect EICAR over HTTPS.  Do you have an SSL decryption policy set and enabled?

0 Likes Likes

michael_schumak
Not applicable

‎04-11-2011 03:26 PM

I would look at the SSL decryption. Tested it plenty of times, worked reliable every time.

0 Likes Likes

mhuels
L3 Networker
In response to michael_schumak

‎04-12-2011 01:10 AM 

michael.schumak schrieb:
I would look at the SSL decryption. Tested it plenty of times, worked reliable every time.

https://secure.eicar.org/eicar_com.zip is blocked. Seems to be a disfunctionality with https and "double-zip". Curiously this morning https://secure.eicar.org/eicarcom2.zip is blocked too.

It is not the first time, i can see an erratic behaviour of the system. In case of doubt, the firewall should normaly block the data stream. I am not sure, if Palo Alto Networks assure that in every case.

0 Likes Likes
  • 2496 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks