edited April 2020 in Firebox - Proxies
today we received an email with a link for One drive inside, we opened the links inside a virtual machine knowing that it was a vbs, .zip script, our M200 seems to have checked nothing and let it pass undisturbed, a question eludes me something in the control of One drive, we have active http and https with inspection and everything configured seems correctly.
Sign In to comment.
For the record, what XTM version are you running?
There are a long list of domains which are excluded from Inspect - the Predefined Content Inspection Exceptions list.
Perhaps the domain name is being excluded here.
What is the domain name in your email link?
If the domain name does not seem to be in your config, you can set up a test HTTPS proxy for the test VM IP addr, with logging enabled on the HTTPS & HTTP proxy actions, so that you can see what is happening in Traffic Monitor.
the domain is onedrive.live.com, I have already checked the "Enabled Predefined inspection ecxception" exclusions, the file is infected on Virus total but not recognized by Bitdefender, the problem is that the file is downloaded but it does not seem to have been properly processed by the http / s in fact does not even appear the name of the file written in the log.
For the moment I made a reloga that blocks all traffic from onedrive.live.com which is outside Italy but not that it is a great solution ..
Running M200 os v. 12.5.3
Consider opening a support incident on this.
ok, thank you