ATP FQDN exceptions

Hi,

Would be nice if we could exclude FQDN for ATP scanning and not only files.

Message: Policy Name: HTTPS Internal-OUT-00 Action: ProxyDrop: Reason: HTTP APT detected Source IP: x.x.x.x Source Port: 64167 Destination IP: 13.35.199.93 Destination Port: 443 host: download2.veeam.com path: /VeeamONE.Signature.1.4.2.0.package md5: 6eb3188f4412ee89d1822e3945cb0d46 task_uuid: a39a69fdc7a000200c10425f806b7d28 threat_level: medium

Veeam ONE signature files always get blocked.

Robert

Comments

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @RVilhelmsen

    If you wanted to exclude an FQDN from APT, you can make a policy to/from (depending on direction) *.veeam.com with a copy of your proxy that has APT turned off. (I realize that's a bit of a clunky workaround, but it'd accomplish what you're looking to do.)

    I'm not specifically familiar with veeam, but if their download involves any kind of signatures (like IPS or AV) the definitions sometimes contain bits of information that other engines will pick up. Keeping that from happening (as they'll be constantly changing) may not be possible, so an exception is probably the best way to go.

    -James Carson
    WatchGuard Customer Support

  • @James_Carson
    Thanks, i´ll make a exception.

    /Robert

Sign In to comment.