Introduction
If a Windows client is directly connected to the Internet, updating Securepoint Antivirus Pro does not pose a problem, since there are usually no rules that regulate web page views.
In a network environment, workstations usually do not have direct access to the Internet, but the data traffic is filtered via port filters and proxies in order to provide as little attack surface as possible for malware.
In the following documentation we present three scenarios that allow the Antivirus Pro Update via the HTTP proxy of a Securepoint NextGen UTM firewall and the web filter.
Scenario 1: Standard proxy without authentication
Webfilter
In this case, the HTTP proxy is used in transparent mode.
In the Webfilter, only the web pages required for communication are released. A new rule set is added here to release the update servers for Securepoint AntiVirus Pro. These are entered as follows:
Name
No matching rule found:
In section Rules
*.ikarus.at/*
*.mailsecurity.at/*
Please note that * is used as wildcard at this point (no Regex format!).
This rule set must be saved.
For the rule set to be applied, the rule set must be assigned to a profile that contains the corresponding computer!
Virus scanner of the UTM
The virus scanner of the HTTP proxy checks the packets that are routed through the proxy.
In order for the download of updates to work without problems, exceptions in Regex format must be created in the virus scanner.
On the Virus Scanner tab, rules with the following expressions are added:
^[^:]*://[^\.]*\.ikarus\.at/
^[^:]*://[^\.]*\.mailsecurity\.at/
Scenario 2: Standard proxy with authentication
To increase security, an Authentication method can be configured on the Securepoint NextGen UTM firewall under General, in the section General.
Authentication exception
Since the Securepoint Antivirus client cannot authenticate itself against the proxy with NTLM, additional authentication exceptions are required.
The called URLs have to be defined again in Regex format:
.*\.ikarus\.at
.*\.mailsecurity\.at
Since the HTTP or HTTPS protocol is not relevant at this point, these expressions are somewhat shorter than with the virus scanner.
Scenario 3: Standard proxy with authentication via NTLM and with SSL interception
SSL-Interception
If SSL-Interception is used to check the encrypted data packets for malware, the servers must also be stored in the menu SSL-Interception as Exceptions for SSL-Interception.
The same expressions are used as for the authentication exception.
.*\.ikarus\.at
.*\.mailsecurity\.at
For the Webfilter and the Virus scanner exceptions are configured in the same way as in scenarios 1 and 2.
Transparent SSL Interception
If Transparent Mode has been activated to also check the encrypted data packets for malware, the IP addresses of the servers must be stored here as exceptions for the SSL interception.
The entire network of update servers is released for this purpose.
.*91\.212\.136\..*
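The regex exceptions from the three scenarios can be checked against sample inputs before they are entered on the UTM. The following is an added example, not part of the original documentation: Python's re module stands in for the UTM's regex engine, and the sample host names and the choice between substring and whole-string matching are assumptions.

```python
import re

# Expressions copied from the scenarios on this page.
VIRUS_SCANNER = [r"^[^:]*://[^\.]*\.ikarus\.at/",
                 r"^[^:]*://[^\.]*\.mailsecurity\.at/"]
AUTH_AND_SSL = [r".*\.ikarus\.at", r".*\.mailsecurity\.at"]
TRANSPARENT_SSL = [r".*91\.212\.136\..*"]

# Constructed sample inputs (hypothetical names, not real update endpoints).
URLS = ["https://updates.ikarus.at/file.bin",
        "http://a.b.ikarus.at/file.bin",
        "https://updates.ikarus.at.example.test/file.bin"]
HOSTS = ["updates.mailsecurity.at",
         "updates.mailsecurity.at.example.test"]
IPS = ["91.212.136.10", "191.212.136.10", "91.212.137.10"]


def covered(patterns, value, anchored=False):
    """Return True if any expression covers the value.

    anchored=False: the expression may match anywhere in the value
    (assumed behaviour of an engine that searches).
    anchored=True: the expression must match the whole value.
    """
    match = re.fullmatch if anchored else re.search
    return any(match(p, value) is not None for p in patterns)


def audit(patterns, samples, anchored=False):
    """Map each sample to whether the exception list would cover it."""
    return {s: covered(patterns, s, anchored) for s in samples}


if __name__ == "__main__":
    checks = [("virus scanner", VIRUS_SCANNER, URLS),
              ("authentication / SSL interception", AUTH_AND_SSL, HOSTS),
              ("transparent SSL interception", TRANSPARENT_SSL, IPS)]
    for label, patterns, samples in checks:
        for anchored in (False, True):
            mode = "whole-string" if anchored else "substring"
            print(f"{label} ({mode}):")
            for sample, hit in audit(patterns, samples, anchored).items():
                print(f"  {'exempt ' if hit else 'checked'}  {sample}")
```

The virus scanner expressions are bounded by the scheme and the trailing slash, while the shorter expressions and the IP expression carry a leading `.*`, so their scope depends on how the firmware applies them; compare the output with the hosts you intend to exempt.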