To that guy ... Um RTFM...
And for the version of your firmware
Root cause is that the sender is sending email in Rich Test format to this user!https://www.slipstick.com/problems/outlook-is-sending-winmail-dat-attachments/
Why do email attachments sent through the SMTP-proxy appear as Winmail.dat attachments?http://watchguardsupport.force.com/publicKB?type=KBArticle&SFDCID=kA2A00000000FnKKAU&lang=en_US
In Policy Manager:
Setup -> OS Compatability
CryptQueryObject is used to pull signing information from files that have been signed (like executable, office documents, etc.) It's fairly common for them to be self-signed or also not be signed at all. If that happens, a log will appear. So long as you're not having trouble opening a document, the log can be disregarded.
If you're unable to get to your firewall in WG cloud, you should be able to make the exception locally via the System Manager.
If you're running into an error accessing your firebox, I'd suggest opening a support incident so that our support representatives can assist.
You should be able to allocate that new license to your account with no change.
If you have an end user account, activate the license like here:
If you are a service provider, you'll need to allocate the licenses to the specific account you want them to be used on:
Whenever I see "We do read your feedback and", it usually means "We hear you, but we really are not going to change."
BRAVO to WatchGuard for not only listening, but responding in a positive way. I don't use your APs, but I am sure you will make a lot of people happy with this announcement!
"I'm also finding that the whole IT Security topic is so vast that I may never comprehend everything." Oh, you could not be more correct! It can be utterly overwhelming.
What Firebox and Fireware are you running?
If you are post 11.5.x, have you regenerated all the self-signed certs on the box so that they are all SHA256 and not SHA1?
What are your results if you use https://www.ssllabs.com/ssltest/analyze.html to test (be sure to check the box not to show your results on the boards)?
Interesting. I got curious and ran my own T35 running 12.5.2 Update 1 against that site and got "This server supports TLS 1.1. Grade will be capped to B from January 2020." Dang you! Now I have to check my own systems!
Thanks Bruce. I take back what I said about not seeing these logs on my own Firebox. I'll get something logged to make sure these logs get moved to Debug.
You got it.
Do you have logging enabled for the outbound 587 rule? If not, enable it, and I bet you'll see allowed traffic from the printer that is throwing the deny messages that hit the dst_intf=Firebox target. If the printer works to send on 587, ignore the messages. I have an open case on it with a request to allow disabling logging of those bogus messages. My perfectly-working UniFi wireless access points seem to throw these logs a lot...there are four or five for each successful outbound packet to my UniFi controller, whether it's my LAN or a clients' remote AP phoning home (their Fireboxes show the same thing).
I ignore all of those message as they are utterly meaningless.