-
Ambassador from TSBT
Pesky network security appliance blocking projects
Our company's network security appliance, a SonicWall firewall, has started blocking and reporting what I assume are false positives for malware. First, is it common for small company firewalls to have false hits on boinc projects and is there anything that can be done to avoid it other than convincing the admin it's a false positive? Here's what is being reports on POEM...
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/19/2016 17:01:29 - 809 - Security Services - Alert - 141.52.95.245, 80, X1 - 90.0.0.134, 57717, X0 - tcp - Gateway Anti-Virus Alert: Zegost.A_55 (Trojan) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
Last edited by scole of TSBT; 04-20-16 at 05:37 AM.
-
Re: Pesky network security appliance blocking projects
Well, I don't recall ever hearing that POEM was tagged as a false alarm. Something like BitcoinUtopia I'd almost expect, but POEM? Nope.
Are you sure the firewall has the latest signature database? Maybe it was an erroneous update and has since been corrected?
https://support.software.dell.com/kb/sw13889
Another possible way to approach it may be to see if it blocks it if the request is "repackaged" by using a Proxy server. I have 2 proxies defined for my BOINC hosts and that did help on some problems I was seeing with our IPS device falsely tagging some packets. Additionally it may even help if you can set that proxy up outside of the work network, although that adds a level of complexity I haven't yet worked through myself.
-
-
Ambassador from TSBT
Re: Pesky network security appliance blocking projects
Also getting these...
From NumberFields@Home at mimas.la.asu.edu
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/20/2016 08:36:22 - 809 - Security Services - Alert - 129.219.51.76, 80,
X1 - 90.0.0.213, 55432, X0 - tcp - Gateway Anti-Virus Alert: XPACK.A_2499
(Trojan) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
Yoyo at hopper.rechenkraft.net
Subject: *** Alert from Network Security Appliance *** [18B169229A80] [AV Gateway Alert, General, Security Services]
04/20/2016 08:36:22 - 809 - Security Services - Alert - 78.47.191.249, 80,
X1 - 90.0.0.213, 55433, X0 - tcp - Gateway Anti-Virus Alert: Tibick.F_2
(Worm) blocked.
This email was generated by: SonicOS Enhanced 6.2.4.2-20n (18B1-6922-9A80)
But surprisingly, he has agreed to allow those pass through.
Last edited by scole of TSBT; 04-20-16 at 09:53 AM.
-
Re: Pesky network security appliance blocking projects
So who did you piss off in the IT department?
-
Ambassador from TSBT
Re: Pesky network security appliance blocking projects
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules