Virus scanner exceptions for local virus scanners
Last adaptation to the version: 12.6.0
New:
  • Updated for the redesign of the web interface
This article refers to a reseller preview

12.2020

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Applications / HTTP proxy, area Virus scanner

Introduction

Why do the update servers of the respective antivirus software have to be added to the allowlist of the firewall's own virus scanner?

When virus signature updates are downloaded, false detections may occur. It is therefore advisable to add the update servers of your AV vendor to the exception list.



Virus scanner exceptions

You enter these exceptions under Applications / HTTP proxy, area Virus scanner. The virus scanner exceptions are written as regular expressions.


Securepoint Antivirus Pro

Please use the settings from the article HTTP Proxy and Securepoint Antivirus for this.


Eset
  • ^[^:]*://[^\.]*\.eset\.com/


Additionally, with the ESET scanner you must exclude the update servers from the proxy, because the scanner first compares the database differences and the license with a server. It is then given an update server, which it addresses directly via IP address (not via the host name).
To do this, create network objects in the "external" zone with the following IP addresses (it is best to create a group into which you move all network objects).

Please note that the IP addresses can change! In that case you have to resolve the hostname update.eset.com once, compare the addresses and adjust them if necessary.

  • 93.184.71.0/26
  • 62.67.184.64/27
  • 89.202.149.32/27
  • 91.228.164.0/22
  • 84.233.128.0/17
  • 38.90.226.0/24


Afterwards, go to Applications / HTTP proxy, area Transparent Mode and add a rule:

  • Source: Internal Network
  • Destination: A network object or a network group that maps the IP addresses of the update servers
  • Type: EXCLUDE
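
The comparison step described above (resolve update.eset.com, compare the addresses with the network objects) can be scripted. The following is an added example, not Securepoint or ESET tooling; the function names are assumptions, and the network list is copied from this page.

```python
import ipaddress
import socket
import sys

# Network objects as listed on this page for the ESET update servers.
ESET_NETWORKS = [
    "93.184.71.0/26", "62.67.184.64/27", "89.202.149.32/27",
    "91.228.164.0/22", "84.233.128.0/17", "38.90.226.0/24",
]

def resolve_ipv4(hostname):
    """Return the sorted IPv4 addresses the local resolver reports for hostname."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def compare(addresses, networks=ESET_NETWORKS):
    """Return (covered, uncovered, unused) for addresses against the network objects."""
    nets = [ipaddress.ip_network(n) for n in networks]
    covered, uncovered, hit = {}, [], set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        match = next((n for n in nets if ip in n), None)
        if match is None:
            uncovered.append(addr)      # needs a new or adjusted network object
        else:
            covered[addr] = str(match)
            hit.add(match)
    # Networks not hit by this lookup; a single lookup does not prove them stale.
    unused = [str(n) for n in nets if n not in hit]
    return covered, uncovered, unused

if __name__ == "__main__":
    # Addresses may be passed as arguments (offline use); otherwise resolve now.
    try:
        addrs = sys.argv[1:] or resolve_ipv4("update.eset.com")
    except socket.gaierror as exc:
        raise SystemExit(f"resolution failed: {exc}")
    covered, uncovered, unused = compare(addrs)
    for addr, net in covered.items():
        print(f"ok       {addr} in {net}")
    for addr in uncovered:
        print(f"MISSING  {addr} is not in any network object")
    raise SystemExit(1 if uncovered else 0)
```

A non-zero exit status means at least one resolved address is outside the configured network objects, so the EXCLUDE rule would no longer apply to it.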


G Data
  • ^[^:]*://[^\.]*\.gdatasecurity\.com/
  • ^[^:]*://[^\.]*\.gdata\.de/
  • ^[^:]*://[^\.]*\.gdatasecurity\.de/
  • ^[^:]*://[^\]*\.lumension\.com/
  • ^[^:]*://[^\.]*\.dedicated\.hosteurope\.de/


G Data Outbreak Shield
  • ^[^:]*://[^.]*.gdata\.ctmail\.com/


Trendmicro
  • ^[^:]*://[^\.]*\.activeupdate\.trendmicro\.com/
  • ^[^:]*://[^\.]*\.trendmicro-g\.georedirector\.akadns\.net/
  • ^[^:]*://[^\.]*\.trendmicro\.com/
  • ^[^:]*://[^\/]*\.census\.trendmicro\.com/


McAfee Saas
  • ^[^:]*://vs\.mcafeeasap\.com/
  • ^[^:]*://download\.mcafee\.com/


Symantec
  • ^[^:]*://[^\/]*\.symantecliveupdate\.com/


Avira

  • ^[^:]*://.*\.avira\.(com|net)/ or


F-Secure
  • ^[^:]*://.*\.sp\.f-secure\.com/
  • ^[^:]*://[^\.]*\.f-secure\.com/
  • ^[^:]*://[^\.]*\.orsp\.f-secure\.com/


Bitdefender
  • ^[^:]*://upgr-mmxiii\.cdn\.bitdefender\.net


Microsoft Office

(tested with Office 2013, Office 365)

  • ^[^:]*://officecdn\.microsoft\.com/
  • ^[^:]*://officecdn\.microsoft\.com\.edgesuite\.net/


Sophos

net)/

  • ^[^:]*://http\.00\.s\.sophosxl\.net/