Results 1 to 6 of 6

Thread: Pesky network security appliance blocking projects

  1. #1
    Ambassador from TSBT scole of TSBT's Avatar
    Join Date
    May 8th, 2015
    Location
    Goldsboro, NC
    Posts
    1,009

    Pesky network security appliance blocking projects

    Our company's network security appliance, a SonicWall firewall, has started blocking and reporting what I assume are false positives for malware. First, is it common for small company firewalls to have false hits on boinc projects and is there anything that can be done to avoid it other than convincing the admin it's a false positive? Here's what is being reports on POEM...

    Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]

    04/19/2016 17:01:29 - 809 - Security Services - Alert - 141.52.95.245, 80, X1 - 90.0.0.134, 57717, X0 - tcp - Gateway Anti-Virus Alert: Zegost.A_55 (Trojan) blocked.

    This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
    Last edited by scole of TSBT; 04-20-16 at 05:37 AM.

  2. #2
    Platinum Member
    Mumps's Avatar
    Join Date
    October 28th, 2010
    Location
    Milwaukee, WI
    Posts
    3,994

    Re: Pesky network security appliance blocking projects

    Well, I don't recall ever hearing that POEM was tagged as a false alarm. Something like BitcoinUtopia I'd almost expect, but POEM? Nope.

    Are you sure the firewall has the latest signature database? Maybe it was an erroneous update and has since been corrected?

    https://support.software.dell.com/kb/sw13889

    Another possible way to approach it may be to see if it blocks it if the request is "repackaged" by using a Proxy server. I have 2 proxies defined for my BOINC hosts and that did help on some problems I was seeing with our IPS device falsely tagging some packets. Additionally it may even help if you can set that proxy up outside of the work network, although that adds a level of complexity I haven't yet worked through myself.

  3. #3
    Diamond Member
    zombie67's Avatar
    Join Date
    October 24th, 2010
    Location
    Reno, NV
    Posts
    7,269

    Re: Pesky network security appliance blocking projects

    "So you're against curing cancer?!"

    "Don't confront me with my failures, I had not forgotten them" - Jackson Browne

    Avatar source


  4. #4
    Ambassador from TSBT scole of TSBT's Avatar
    Join Date
    May 8th, 2015
    Location
    Goldsboro, NC
    Posts
    1,009

    Re: Pesky network security appliance blocking projects

    Also getting these...

    From NumberFields@Home at mimas.la.asu.edu
    Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
    04/20/2016 08:36:22 - 809 - Security Services - Alert - 129.219.51.76, 80,
    X1 - 90.0.0.213, 55432, X0 - tcp - Gateway Anti-Virus Alert: XPACK.A_2499
    (Trojan) blocked.
    This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)

    Yoyo at hopper.rechenkraft.net
    Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
    04/20/2016 08:36:22 - 809 - Security Services - Alert - 78.47.191.249, 80,
    X1 - 90.0.0.213, 55433, X0 - tcp - Gateway Anti-Virus Alert: Tibick.F_2
    (Worm) blocked.
    This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)

    But surprisingly, he has agreed to allow those pass through.
    Last edited by scole of TSBT; 04-20-16 at 09:53 AM.

  5. #5
    Administrator
    Bryan's Avatar
    Join Date
    October 27th, 2010
    Location
    CO summer, TX winter
    Posts
    6,457

    Re: Pesky network security appliance blocking projects

    So who did you piss off in the IT department?


  6. #6
    Ambassador from TSBT scole of TSBT's Avatar
    Join Date
    May 8th, 2015
    Location
    Goldsboro, NC
    Posts
    1,009

    Re: Pesky network security appliance blocking projects

    All of them!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •