Onedrive link

edited April 2020 in Firebox - Proxies


today we received an email with a link for One drive inside, we opened the links inside a virtual machine knowing that it was a vbs, .zip script, our M200 seems to have checked nothing and let it pass undisturbed, a question eludes me something in the control of One drive, we have active http and https with inspection and everything configured seems correctly.

Thanks Cristiano


  • Options

    For the record, what XTM version are you running?

    There are a long list of domains which are excluded from Inspect - the Predefined Content Inspection Exceptions list.
    Perhaps the domain name is being excluded here.

    What is the domain name in your email link?

    If the domain name does not seem to be in your config, you can set up a test HTTPS proxy for the test VM IP addr, with logging enabled on the HTTPS & HTTP proxy actions, so that you can see what is happening in Traffic Monitor.

  • Options

    Hi Bruce,

    the domain is onedrive.live.com, I have already checked the "Enabled Predefined inspection ecxception" exclusions, the file is infected on Virus total but not recognized by Bitdefender, the problem is that the file is downloaded but it does not seem to have been properly processed by the http / s in fact does not even appear the name of the file written in the log.

    For the moment I made a reloga that blocks all traffic from onedrive.live.com which is outside Italy but not that it is a great solution ..

  • Options

    Running M200 os v. 12.5.3

  • Options

    Consider opening a support incident on this.

  • Options

    ok, thank you

Sign In to comment.