v4.38 / Memory Warning / AV Cloud Query Bypass ???
All Replies
-
OK, I'll have a look sometime later then. Thanks!
-
Hi WMelonMan,
I found some (small) information on Express Mode here: https://www.zyxel.com/uk/en/products_services/Unified-Security-Gateway-USG40-40W-60-60W/
"ZyWALL USG series supports Express Mode with advanced Cloud Query technology which has 30 billion of file ID in Zyxel security cloud’s database and constantly adapts new malware data every minute via Threat Intelligence Machine Learning. This innovative design improves the anti-malware detection efficiency, enables it to verify the file ID within seconds to get the most optimal threat detection, so that the ZyWALL USG series can gain higher throughput performance."
I will give it a try now ...
edit: Now I've tried to activate the Express Mode in AV. Unfortunately this offers additional Advanced Settings where particular file extensions can be chosen. But will only these file extensions be scanned by AV engine, or are they excluded from scanning, or what does it mean? No description available.
-
USG_User said:
[...] Express Mode in AV. [...] offers additional Advanced Settings where particular file extensions can be chosen. But will only these file extensions be scanned by AV engine, or are they excluded from scanning, or what does it mean? No description available.
And thanks @USG_User for sharing this little feature description.
0 -
@WMelonMan & @USG_User
The description of express mode and stream mode
Express Mode
In this mode you can define which types of files are scanned using the File Type For Scan fields. The Zyxel Device then scans files by sending each file’s hash value to a cloud database using cloud query. This is the fastest scan mode.
Stream Mode
In this mode the Zyxel Device scans all files for viruses using anti-malware signatures to detect known virus patterns, and Threat Intelligence Machine Learning. Threat Intelligence Machine Learning is a master cloud database containing malware patterns learned from all Zyxel Devices. This is the deepest scan mode.
The advanced feature of Express Mode is cloud query
File Type For Scan
Just select the file types; those that will be checked are listed in the Applied File Types field. If you don’t want a file type to be checked, click this file type and then click the left arrow button (Available File Types).
0 -
@Zyxel_Charlie: Thank you.
-
Zyxel_Charlie said:
...
The advance feature of express mode is cloud query
File Type For Scan
Just select the File types that will be checked are listed on Applied File Types field. If you don’t want a file type to be checked, click this file type and then click the left arrow button.(Available File Types)

Does it mean that I have to decide between fast or deep scan? But which should I take? I would prefer a fast AND deep scan.
Further, what happens when activating the Express mode, but without choosing any file types from the "Applied files table" (because this setting is "hidden" in advanced settings)? Will nothing be scanned in that case?
Finally, I'm not sure which file types it makes sense to choose and which not. I don't know what files will be downloaded by colleagues or what kind of attachments will be received in future.
From your experience in collecting virus signatures, have you got any recommendations for the "Applied file table"?
0 -
@USG_User
It’s kind of a tradeoff considering the affordability of the hardware capability.
In Express mode, six file types are checked in the "Applied files table" in the default configuration. If there are no file types in the "Applied files table", the device will not send the files to the cloud for investigation.
Also, the default file types are the most popular attachment types, but the exact file types to apply in the table depend on the application or environment of the users.
5 -
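Added example (not part of the thread and not Zyxel code): a conceptual Python model of the Express Mode behaviour described above, where only file types in the applied list are hash-checked against a cloud database and everything else is not queried. The SHA-256 hash, the file-type names and all sample data are assumptions constructed for illustration.

```python
import hashlib
from pathlib import PurePosixPath

BAD = b"constructed-malicious-sample"  # constructed sample content

# Constructed stand-in for the cloud database of known-bad file hashes.
# SHA-256 is an assumption; the thread does not say which hash is used.
KNOWN_BAD = {hashlib.sha256(BAD).hexdigest()}


def express_mode_verdict(filename, content, applied_types, cloud_db=KNOWN_BAD):
    """Return 'skipped', 'blocked' or 'passed' for one transferred file."""
    ext = PurePosixPath(filename).suffix.lower().lstrip(".")
    if ext not in applied_types:
        return "skipped"  # type not in the applied list: no cloud query
    digest = hashlib.sha256(content).hexdigest()
    return "blocked" if digest in cloud_db else "passed"


def coverage_report(transfers, applied_types):
    """Group transferred file names by verdict to show what was checked."""
    report = {"skipped": [], "blocked": [], "passed": []}
    for name, content in transfers:
        verdict = express_mode_verdict(name, content, applied_types)
        report[verdict].append(name)
    return report


# Constructed sample traffic: (file name, file content)
TRANSFERS = [
    ("invoice.pdf", b"harmless pdf bytes"),
    ("setup.exe", BAD),                          # known-bad, type selected
    ("macro.docm", BAD),                         # known-bad, type not selected
    ("new.exe", b"constructed-unknown-sample"),  # hash not in the database
]

if __name__ == "__main__":
    # Empty applied list versus a constructed two-type list.
    for types in (set(), {"exe", "pdf"}):
        print(sorted(types), coverage_report(TRANSFERS, types))
```

With an empty applied list every file ends up under `skipped`, which matches the answer above that nothing is sent to the cloud in that case.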
Thanks Charlie, for test purposes I've now changed our settings to Express Mode with some file extension allocations. We will see whether the very frequently appearing alert notes about A/V bypass will be gone.
0 -
Short update: Even with changed A/V settings (switch from stream mode to express mode) at least one memory warning still appears every day where the A/V cloud query is bypassed for about 5 minutes.
0 -
@USG_User
This is Zyxel's memory protection design, and both Stream and Express mode will consume memory. Each ZyWALL USG model has a limited amount of memory to be shared by all features. If all of that memory is in use, system operations can be affected in unexpected ways.
Therefore, we have adjusted the threshold in the latest firmware to prevent this behavior from occurring. Please check your private messages.