HTTP Proxy and Securepoint Antivirus
+2| Letzte Anpassung: | Last update:}}
Freely definable rule name
- 1 Preamble
- 2 Scenario 1: Standard proxy without authentication
- 3 Scenario 2: Standard proxy with authentication
- 4 Scenario 3: Standard proxy with authentication via NTLM and use of SSL interception
Configuration of a UTM when using a HHTP proxy and Securepoint Antivirus Pro
Letzte Anpassung: 06.2019
Securepoint Antivirus Pro regularly checks an update server for new updates. The updates themselves are then downloaded by update mirrors.
If a Windows client is directly connected to the Internet, this does not pose a problem, since there are usually no rules that regulate web page views. In a network environment, workstations usually do not have direct access to the Internet, but the data traffic is filtered via port filters and proxies in order to provide as little attack surface as possible for malware.
A good firewall configuration is characterized by the fact that each client only gets the shares it really needs.
In the following documentation we present three scenarios that allow the Antivirus Pro Update via the HTTP proxy of a Securepoint NextGen UTM firewall and the web filter.
Scenario 1: Standard proxy without authentication
In this case, the HTTP proxy is used in transparent Mode. In 'Webfilter only the web pages required for communication will be released. A new ruleset will be added here to release the update servers for Securepoint AntiVirus Pro. These are entered under as follows:
Note the wildcards
*.Syntax?????? in Regex-Format.
This rule set must be saved.
For the rule set to be applied, the rule set must be assigned to a profile that contains the corresponding computer!
Virus scanner of the UTM
The virus scanner of the HTTP proxy checks the packages that are routed through the proxy.
In order for the download of updates to work without problems, exceptions in Regex-Format] must be created in the virus scanner.
In the menu } Section Webpage-Whitelist a rule with is added:
Scenario 2: Standard proxy with authentication
To increase security, the Securepoint NextGen UTM firewall can be configured under
Since the Securepoint antivirus client cannot authenticate itself against the proxy with NTLM, additional 'authentication exceptions are required.
The called URLs have to be defined again in Regex-Format]:
Since the HTTP or HTTPS protocol is not relevant at this point, these expressions are somewhat shorter than with the virus scanner.
Scenario 3: Standard proxy with authentication via NTLM and use of SSL interception
If in menu
The same expressions are used as for the authentication exception.
For the Webfilter and the Virus scanner exceptions are configured in the same way as in scenarios 1 and 2.
Transparent SSL Interception
Ifin the has been activated to also check the encrypted data packets for malware, the IP addresses of the servers must be stored here as exceptions for the SSL interception. The entire network of update servers is released for this purpose.