Configuration of a UTM when using a HTTP proxy and Securepoint Antivirus Pro
Last adaption: 06.2023
New:
  • Layout adjustments
This article refers to a Resellerpreview
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115


Introduction

Securepoint Antivirus Pro regularly checks an update server for new updates. The updates themselves are then downloaded by update mirrors.
If a Windows client is directly connected to the Internet, this does not pose a problem, since there are usually no rules restricting which web pages can be accessed.
In a network environment, workstations usually do not have direct access to the Internet; instead, the data traffic is filtered via port filters and proxies in order to provide as little attack surface as possible for malware.
A good firewall configuration is characterized by the fact that each client is granted only the access it really needs.
In the following documentation we present three scenarios that allow the Antivirus Pro Update via the HTTP proxy of a Securepoint NextGen UTM firewall and the web filter.


Scenario 1: Standard proxy without authentication

Webfilter

In this case, the HTTP proxy is used in transparent mode. In the Webfilter, only the web pages required for communication are released. A new ruleset is added here to release the update servers for Securepoint Antivirus Pro. It is created under → Applications → Webfilter with the button + Add ruleset as follows:
Name: Freely definable rule name
No matching rule found: block
In section Rules, the following URLs are entered with + Add URL:
*.ikarus.at/*
*.mailsecurity.at/*
Please note that * is used as a wildcard at this point (no regex format!).
This rule set must be saved.
For the rule set to be applied, it must be assigned to a profile that contains the corresponding computer!


Virus scanner of the UTM

The virus scanner of the HTTP proxy checks the packets that are routed through the proxy.
In order for the download of updates to work without problems, exceptions in regex format must be created in the virus scanner.
In the menu → Applications → HTTP-Proxy, tab Virus Scanner, button Webpage-Whitelist, the following expressions are added with + Regex:
^[^:]*://[^\.]*\.ikarus\.at/
^[^:]*://[^\.]*\.mailsecurity\.at/


Scenario 2: Standard proxy with authentication

To increase security, an Authentication method can be configured on the Securepoint NextGen UTM firewall under → Applications → HTTP-Proxy, tab General, section General:
Basic, NTLM/Kerberos, Radius


Authentication exception

Since the Securepoint Antivirus client cannot authenticate itself against the proxy with NTLM, additional authentication exceptions are required.
The called URLs have to be defined again in regex format:
.*\.ikarus\.at
.*\.mailsecurity\.at
Since the HTTP or HTTPS protocol is not relevant at this point, these expressions are somewhat shorter than with the virus scanner.

For the Webfilter and the virus scanner, exceptions are configured as in scenario 1.


Scenario 3: Standard proxy with authentication via NTLM and with SSL interception

SSL-Interception

If SSL-Interception is used in the menu → Applications → HTTP-Proxy, tab SSL-Interception, to check the encrypted data packets for malware, the servers must also be stored here as Exceptions for SSL-Interception.
The same expressions are used as for the authentication exception.
.*\.ikarus\.at
.*\.mailsecurity\.at
For the Webfilter and the virus scanner, exceptions are configured in the same way as in scenarios 1 and 2.


Transparent SSL Interception

If Transparent Mode has been activated under → Applications → HTTP-Proxy, tab Transparent Mode, to also check the encrypted data packets for malware, the IP addresses of the servers must be stored here as exceptions for the SSL interception. The entire network of update servers is released for this purpose.
.*91\.212\.136\..*
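
The following Python check is an added example, not part of the original article or of Securepoint's tooling: it runs the regex exceptions from the three scenarios against sample inputs to show what each expression covers before it is entered on the UTM. The sample URLs, host names and IP addresses are constructed, and whether the UTM matches unanchored or against the whole string is an assumption to verify on the appliance.

```python
import re

# Expressions copied from the page, grouped by the UTM dialog they belong to.
VIRUS_SCANNER = [r"^[^:]*://[^\.]*\.ikarus\.at/", r"^[^:]*://[^\.]*\.mailsecurity\.at/"]
AUTH_AND_SSL = [r".*\.ikarus\.at", r".*\.mailsecurity\.at"]
TRANSPARENT_SSL = [r".*91\.212\.136\..*"]


def covered(patterns, value, anchored=False):
    """Return True if any pattern matches value.

    anchored=False uses search semantics (a match anywhere in the string),
    anchored=True requires the whole string to match. Which of the two the
    UTM applies is an assumption to verify on the appliance.
    """
    match = re.fullmatch if anchored else re.search
    return any(match(p, value) for p in patterns)


def report(patterns, samples, anchored=False):
    """Map each sample to whether the exception list covers it."""
    return {s: covered(patterns, s, anchored) for s in samples}


# Constructed sample inputs (host names below the vendor domains are made up).
URLS = [
    "https://updates.ikarus.at/db/file.bin",            # one label before the domain
    "https://a.mirror.ikarus.at/db/file.bin",           # two labels before the domain
    "http://host.example.test/?u=http://x.ikarus.at/",  # domain only in the query
]
HOSTS = ["updates.mailsecurity.at", "updates.mailsecurity.at.example.test"]
IPS = ["91.212.136.10", "191.212.136.10", "91.212.137.10"]

if __name__ == "__main__":
    for title, pats, samples in [
        ("virus scanner whitelist", VIRUS_SCANNER, URLS),
        ("authentication / SSL-interception exception", AUTH_AND_SSL, HOSTS),
        ("transparent SSL-interception exception", TRANSPARENT_SSL, IPS),
    ]:
        print(title)
        for sample, hit in report(pats, samples).items():
            print(f"  {'match   ' if hit else 'no match'}  {sample}")
```

With these samples, the virus scanner expression covers only hosts with a single label before the domain, while the unanchored expressions also cover the longer host name and 191.212.136.10.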