Problem with Sandboxing and USB-Logs

Michael_I
Michael_I Posts: 41  Freshman Member
edited April 2021 in Security
Hello,

I have trouble with Sandboxing and the USB-Logs.

Today (13.03.2021) we downloaded a pdf via firefox browser. Unfortunately the pdf contains a Virus, which was stopped by Kaspersky.
I looked at the logs, but today no pdf was send to the sandbox. The last sandboxing was yesterday.
I tried to download another pdf, ther was no sandboxing, too.
Why?

Furthermore i discovered, that no more USB-logs are written.
This happens since the 16.02.2021. I think we did a update to V4.62(ABFW.0) to this day.
What can we do?

Here´s the Sansboxing log. No Sandboxing on 13-03-2021

Here´s the settings for the logs:





All Replies

  • e_mano_e
    e_mano_e Posts: 22  Freshman Member
    Hi!

    Can you please share the PDF download link?

    Jens
  • Michael_I
    Michael_I Posts: 41  Freshman Member
    unfortunately no, we did a recovery of our sever. Therefore I don´t know the link.
    But it makes no sandboxin at all (today).
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @Michael_I,

    I tested Sandboxing by downloading PDF files. It records logs as in the following screenshot; 

    Can you please share some information with us;

     

    1- That pdf file may downloaded from a HTTPS source. Did you apply SSL Insection for Outgoing traffic?

    2- Can you please share Sandboxing setting's screenshot with us?


    3- Can you verify is the Activate USB storage service checkbox is checked under Configuration > System > USB Storage > Settings?


     

    Best regards.


  • Michael_I
    Michael_I Posts: 41  Freshman Member
    Hello,

    USB-Storage is activated.
    SSL-Inspector is not activated. I think that´s the reason.

Security Highlight