https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33137#M12580 <HTML><HEAD></HEAD><BODY><P>I have set it to 2 previous it was set to 0.&nbsp; g_ci_av_eicar_handling_mode = 2</P><P>But changing this setting doesn't help. Eicar is and was recognized if i download it form web site but if i uploaded it using Mobile Access Portal interface it doesn't.</P><P>Even if I establish tunnel (IPSEC or SSL/Connect)&nbsp; and uploading eicar file to web application it is blocked as it should.</P><P>If I open Mobile Access Portal and without tunnel open that same web application only define as http URL in portal it is passed without scan.&nbsp;</P></BODY></HTML> Mon, 18 Feb 2019 13:08:07 GMT Rafal_N 2019-02-18T13:08:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33133#M12576 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I try to scan files that are uploaded using Mobile Access Portal - File Shares, Web Applications but it looks like that all other security blades (AV,TE) ignores them. I triple check my TP policy and it seems to be ok.</P><P>Does anybody can confirm that it should work and there is something in my configuration or is it something that gateway can't do at all.</P></BODY></HTML> Wed, 13 Feb 2019 11:06:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33133#M12576 Rafal_N 2019-02-13T11:06:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33134#M12577 <HTML><HEAD></HEAD><BODY><P>All the blades are supposed to work with Mobile Access Blade as noted <A href="https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_MobileAccess_AdminGuide/html_frameset.htm">in the documentation</A>.</P><P></P><P>How are you determining that the blades are "ignoring" files uploaded via file shares?</P><P>Note the blades usually don't generate a log unless a file is malicious.</P></BODY></HTML> Thu, 14 Feb 2019 04:59:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33134#M12577 PhoneBoy 2019-02-14T04:59:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33135#M12578 <HTML><HEAD></HEAD><BODY><P>I'm uploading malware test file "eicar.com" that gateway normally recognized without issue. Only when I transfer it using Mobile Access Portal it doesn't work. I thought it was only for Fileshare (some CIFS issue) but i add web aplication using http (not https) and file isn't scan at all.&nbsp;</P></BODY></HTML> Fri, 15 Feb 2019 14:32:38 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33135#M12578 Rafal_N 2019-02-15T14:32:38Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33136#M12579 <HTML><HEAD></HEAD><BODY><P>EICAR is kind of a special case <IMG src="https://community.checkpoint.com/legacyfs/online/checkpoint/emoticons/wink.png" /></P><P>As there have been a few false positives with EICAR, and it's not really malicious, we don't detect EICAR by default.</P><P>Execute the following command on the gateway: <STRONG>fw ctl set int g_ci_av_eicar_handling_mode 2</STRONG></P><P>Then repeat your test.&nbsp;</P></BODY></HTML> Fri, 15 Feb 2019 19:51:47 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33136#M12579 PhoneBoy 2019-02-15T19:51:47Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33137#M12580 <HTML><HEAD></HEAD><BODY><P>I have set it to 2 previous it was set to 0.&nbsp; g_ci_av_eicar_handling_mode = 2</P><P>But changing this setting doesn't help. Eicar is and was recognized if i download it form web site but if i uploaded it using Mobile Access Portal interface it doesn't.</P><P>Even if I establish tunnel (IPSEC or SSL/Connect)&nbsp; and uploading eicar file to web application it is blocked as it should.</P><P>If I open Mobile Access Portal and without tunnel open that same web application only define as http URL in portal it is passed without scan.&nbsp;</P></BODY></HTML> Mon, 18 Feb 2019 13:08:07 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33137#M12580 Rafal_N 2019-02-18T13:08:07Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33138#M12581 <HTML><HEAD></HEAD><BODY><P>Recommend opening a TAC case so we can investigate this more closely.</P><P><A href="https://community.checkpoint.com/message/39214">How To Open a Case with TAC and/or Account Services</A>‌</P></BODY></HTML> Tue, 19 Feb 2019 08:33:42 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33138#M12581 PhoneBoy 2019-02-19T08:33:42Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33139#M12582 <HTML><HEAD></HEAD><BODY><P>I got statements, that <STRONG>Traditional AV and Anti-Virus is not supported with Mobile Access portal.&nbsp;</STRONG>So probably TE does not work either.&nbsp;It should be write red capital letters in documentation in Mobile Access Portal.</P><P>I try to figure out some workaround how to solve it because it is big surprised for me. Any ideas and suggestion will be nice.</P></BODY></HTML> Tue, 19 Feb 2019 09:04:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33139#M12582 Rafal_N 2019-02-19T09:04:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33140#M12583 <HTML><HEAD></HEAD><BODY><P>Please send me the TAC SR in a private message.</P><P>The documentation explicitly contradicts this, so I'd like to get to the bottom of it.</P></BODY></HTML> Sat, 23 Feb 2019 14:23:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-Portal-other-blades/m-p/33140#M12583 PhoneBoy 2019-02-23T14:23:48Z