ATP FQDN exceptions
Hi,
Would be nice if we could exclude FQDN for ATP scanning and not only files.
Message: Policy Name: HTTPS Internal-OUT-00 Action: ProxyDrop: Reason: HTTP APT detected Source IP: x.x.x.x Source Port: 64167 Destination IP: 13.35.199.93 Destination Port: 443 host: download2.veeam.com path: /VeeamONE.Signature.1.4.2.0.package md5: 6eb3188f4412ee89d1822e3945cb0d46 task_uuid: a39a69fdc7a000200c10425f806b7d28 threat_level: medium
Veeam ONE signature files always get blocked.
Robert
0
Sign In to comment.
Comments
Hi @RVilhelmsen
If you wanted to exclude an FQDN from APT, you can make a policy to/from (depending on direction) *.veeam.com with a copy of your proxy that has APT turned off. (I realize that's a bit of a clunky workaround, but it'd accomplish what you're looking to do.)
I'm not specifically familiar with veeam, but if their download involves any kind of signatures (like IPS or AV) the definitions sometimes contain bits of information that other engines will pick up. Keeping that from happening (as they'll be constantly changing) may not be possible, so an exception is probably the best way to go.
-James Carson
WatchGuard Customer Support
@James_Carson
Thanks, i´ll make a exception.
/Robert