Pesky network security appliance blocking projects
Our company's network security appliance, a SonicWall firewall, has started blocking and reporting what I assume are false positives for malware. First, is it common for small company firewalls to have false hits on BOINC projects and is there anything that can be done to avoid it other than convincing the admin it's a false positive? Here's what is being reported on POEM...
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/19/2016 17:01:29 - 809 - Security Services - Alert - 141.52.95.245, 80, X1 - 90.0.0.134, 57717, X0 - tcp - Gateway Anti-Virus Alert: Zegost.A_55 (Trojan) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
Re: Pesky network security appliance blocking projects
Well, I don't recall ever hearing that POEM was tagged as a false alarm. Something like BitcoinUtopia I'd almost expect, but POEM? Nope.
Are you sure the firewall has the latest signature database? Maybe it was an erroneous update and has since been corrected?
https://support.software.dell.com/kb/sw13889
Another possible way to approach it may be to see if it blocks it if the request is "repackaged" by using a Proxy server. I have 2 proxies defined for my BOINC hosts and that did help on some problems I was seeing with our IPS device falsely tagging some packets. Additionally it may even help if you can set that proxy up outside of the work network, although that adds a level of complexity I haven't yet worked through myself.
Re: Pesky network security appliance blocking projects
Also getting these...
From NumberFields@Home at mimas.la.asu.edu
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/20/2016 08:36:22 - 809 - Security Services - Alert - 129.219.51.76, 80, X1 - 90.0.0.213, 55432, X0 - tcp - Gateway Anti-Virus Alert: XPACK.A_2499 (Trojan) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
Yoyo at hopper.rechenkraft.net
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/20/2016 08:36:22 - 809 - Security Services - Alert - 78.47.191.249, 80, X1 - 90.0.0.213, 55433, X0 - tcp - Gateway Anti-Virus Alert: Tibick.F_2 (Worm) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
But surprisingly, he has agreed to allow those to pass through.
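An added example, not part of any post in this thread: a small Python parser for the Gateway Anti-Virus alert lines quoted above, which groups the hits by internal host so they can be reviewed with the firewall admin. The field meanings (remote IP, port and interface first, then the internal host) and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Alert bodies copied from the posts above, including the mail client's hard wraps.
ALERTS = """\
04/19/2016 17:01:29 - 809 - Security Services - Alert - 141.52.95.245, 80, X1 - 90.0.0.134, 57717, X0 - tcp - Gateway Anti-Virus Alert: Zegost.A_55 (Trojan) blocked.
04/20/2016 08:36:22 - 809 - Security Services - Alert - 129.219.51.76, 80,
X1 - 90.0.0.213, 55432, X0 - tcp - Gateway Anti-Virus Alert: XPACK.A_2499
(Trojan) blocked.
04/20/2016 08:36:22 - 809 - Security Services - Alert - 78.47.191.249, 80,
X1 - 90.0.0.213, 55433, X0 - tcp - Gateway Anti-Virus Alert: Tibick.F_2
(Worm) blocked.
"""

# Assumed layout: timestamp - event id - category - priority -
# remote ip, port, interface - internal ip, port, interface - protocol - message
ALERT_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - (?P<event_id>\d+) - "
    r"(?P<category>[^-]+?) - (?P<priority>\w+) - "
    r"(?P<src_ip>[\d.]+), (?P<src_port>\d+), (?P<src_if>\w+) - "
    r"(?P<dst_ip>[\d.]+), (?P<dst_port>\d+), (?P<dst_if>\w+) - "
    r"(?P<proto>\w+) - Gateway Anti-Virus Alert: "
    r"(?P<signature>\S+) \((?P<kind>\w+)\) blocked\."
)

def parse_alerts(text):
    """Return one dict per alert; tolerates records wrapped across lines."""
    flat = " ".join(text.split())  # undo hard wraps before matching
    records = []
    for match in ALERT_RE.finditer(flat):
        rec = match.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S")
        rec["src_port"] = int(rec["src_port"])
        rec["dst_port"] = int(rec["dst_port"])
        records.append(rec)
    return records

def summarize(records):
    """Map each internal host to the (remote ip, remote port, signature) hits."""
    by_host = defaultdict(set)
    for rec in records:
        by_host[rec["dst_ip"]].add((rec["src_ip"], rec["src_port"], rec["signature"]))
    return {host: sorted(hits) for host, hits in by_host.items()}

if __name__ == "__main__":
    for host, hits in summarize(parse_alerts(ALERTS)).items():
        print(host, hits)
```

On the three alerts in this thread, every hit is traffic from remote port 80 on a different server, each with a different signature name, which is the kind of summary an admin can check against the appliance's signature database.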
Re: Pesky network security appliance blocking projects
So who did you piss off in the IT department?