Security_Update outdated

chandan
chandan Posts: 72  Ally Member
edited April 2021 in Security
Hello Zyxel Team,
The Security_Update (Configuration - Object - Application - Security_Update) category is outdated, I believe, as I do not find the common antivirus category (file transfer from upgrade server) and others.

Issue 1
Even after forwarding the traffic from this category in App Patrol, the PC is not able to connect to the McAfee upgrade server to update the antivirus. (Note: I have blocked all websites with the content filter service on some of the PCs. However, I want to allow internet for only the security_update category for the update of Windows and the general antivirus installed on them.)

Issue 2
Common antivirus (File Transfer) list not found
i.e. QuickHeal, Dr. Web, K7 Total Security


Thank you

Comments

  • jasailafan
    jasailafan Posts: 189  Master Member
    If you blocked all websites with the content filter service, maybe you just need to add the McAfee upgrade server to trusted web sites.
    Here is a similar discussion.
  • chandan
    chandan Posts: 72  Ally Member
    jasailafan,

    Thanks for the help.
    Actually, I knew this way. But this way, I need to find out the whole antivirus upgrade server list (currently 5 - 6 types of antivirus are being used in my case on different computers) to add it manually to the content filter allowed list.

    That's why I wanted to forward the traffic through App Patrol as a better workaround rather than finding and adding to the allowed list.

    Waiting for the Zyxel team's reply.


    Thank you.
  • chandan
    chandan Posts: 72  Ally Member
    jasailafan,

    Thanks for the help.

    Actually, I knew this way. But this way, I need to find out the whole antivirus upgrade server list (currently 5 - 6 types of antivirus are being used in my case on different computers) to add it manually to the content filter allowed list.

    That's why I wanted to forward the traffic through App Patrol as a better workaround rather than finding and adding the list of upgrade servers to the allowed list.

    Waiting for the Zyxel team's reply.


    Thank you.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    Issue 1:
    Could you share your configuration file with me in a private message?

    Issue 2:
    We will review if it’s considerable to add these three applications to the service list of App Patrol.
    Quick Heal, Dr.Web, K7 Total Security
  • chandan
    chandan Posts: 72  Ally Member
    edited September 2020
    Hi @Zyxel_Emily,

    For Issue 1:
    Configuration file "startup-config.conf" sent to your PM, please check.


    For Issue 2:
    Yes, for sure this is going to help all of your users using these antiviruses on their PCs.


  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    Hi @chandan,

    In the current design of the security policy check flow, the traffic is scanned by App Patrol first and then Content Filter.

    Even if the traffic is allowed by App Patrol, it is still scanned by Content Filter and blocked by CF profile.

    In your configuration file, the traffic matches App Patrol application "Antivirus_Updates" and is allowed.

    However, the traffic is blocked by the CF profile "Block_Everything" because all categories are blocked.


    In the log, you can find the antivirus update "TrendMicro" is blocked due to the CF category "Business".

    Hence, we suggest you add the antivirus upgrade server to trusted web sites as the solution to allow virus updates only and block all other websites.


    We will add the request to the ideas section to enhance the feature in a future release.
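
For readers applying the trusted-web-sites approach described in the reply above: an added example, not part of the thread and not Zyxel code, that lists the hosts App Patrol allowed as "Antivirus_Updates" but Content Filter then blocked, so they can be reviewed as trusted-site candidates. The CSV layout, field names and hostnames are constructed assumptions, not the firewall's real log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a hypothetical CSV layout (not Zyxel's log format).
# Hosts use the reserved .example TLD; "Computers" is a made-up category.
SAMPLE_LOG = """\
src,host,app,app_action,cf_profile,cf_category,cf_action
192.168.1.20,update.av-a.example,Antivirus_Updates,allow,Block_Everything,Business,block
192.168.1.21,Update.AV-A.example.,Antivirus_Updates,allow,Block_Everything,Business,block
192.168.1.22,dl.av-b.example,Antivirus_Updates,allow,Block_Everything,Computers,block
192.168.1.20,news.site.example,,allow,Block_Everything,News,block
192.168.1.23,sig.av-c.example,Antivirus_Updates,allow,Block_Everything,Business,allow
"""


def trusted_site_candidates(log_text, app="Antivirus_Updates"):
    """Map host -> clients and CF categories for flows that App Patrol
    allowed as `app` but the Content Filter stage then blocked."""
    found = defaultdict(lambda: {"clients": set(), "categories": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        passed_app_patrol = row["app"] == app and row["app_action"] == "allow"
        blocked_by_cf = row["cf_action"] == "block"
        # Only "allowed, then blocked" flows need a trusted-web-site entry;
        # everything else the CF profile blocks should stay blocked.
        if passed_app_patrol and blocked_by_cf:
            host = row["host"].strip().lower().rstrip(".")  # normalise FQDN
            found[host]["clients"].add(row["src"])
            found[host]["categories"].add(row["cf_category"])
    return dict(found)


def report(candidates):
    """One review line per host, sorted, for a human to vet before trusting."""
    return [
        f"{host}  clients={len(info['clients'])}  "
        f"cf_categories={','.join(sorted(info['categories']))}"
        for host, info in sorted(candidates.items())
    ]


if __name__ == "__main__":
    print("\n".join(report(trusted_site_candidates(SAMPLE_LOG))))
```

Each reported host should be checked against the antivirus vendor's published update servers before it goes on the trusted list, since the list bypasses the block-all profile.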

  • chandan
    chandan Posts: 72  Ally Member
    Hello @Zyxel_Emily,

    That is what my point is. You can add the priority for App Patrol and content filter traffic block/forward or any other solution to the current situation. 
    Thanks for understanding.

    Hope to see this in the near future.
  • chandan
    chandan Posts: 72  Ally Member
    @zyxel team,

    When can we see these updates in the Zyxel firewall?
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    Hi @chandan
    Can you describe what kind of update on the firewall?

  • chandan
    chandan Posts: 72  Ally Member
    @Zyxel_Vic

    I hope you have already gone through this complete thread regarding how the firewall behaves with Content Filter and App Patrol by one of your past colleagues @Zyxel_Emily...

    If Zyxel can develop/enhance this feature, it will be good.....