Summary:
-
Create a URL Profile
-
Attach it to a security policy
Summary:
-
Create an anti-virus Profile
-
Attach it to a security policy
-
Block a SSL encrypted virus file
Knowledge:
Anti-virus license = "Threat Prevention"
Details:
1. Create an anti-virus Profile
-
Clone from the default anti-virus profile and rename it:
2. Attach it to the policy for Tiger to go out to the Internet
-
Download an anti-malware testfile from www.eicar.org
3. Block a SSL encrypted virus file
-
Note, right now the firewall does not inspect SSL encrypted virus file
-
The firewall still blocks the file from downloading, but notice that your PC is still able to go or trying to visit the URL
-
Create a SSL Decryption policy. Since I already have one for Tiger to inspect and block social news, I can just add the category for www.eicar.org to the same rule. Before you do that, you will need to know which category www.eicar.org belongs to:
-
Now, we can also utilize URL filtering feature to ask the firewall to block the site (not even trying to download the SSL encrypted virus file). You do not have to do this step, the default behavior is to reset the connection by the firewall.
Note: here I just edited the existing URL profile for Tiger, and updated the computer-and-internet-info's action from allow to block
Let's try to download the SSL encrypted virus again
