cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Yonghao_Gao
Nickel

Anti-Virus log prompt: "background classification mode was set"

Dear 

FW:23500     Version:R80.10       Hotfix:R80_10_JUMBO_HF_Bundle_T56_sk11638

I have set hold mode,refer to screenshots below:

TP configuration as follow:

But the log shows as follow:

Description:

                  Connection was allowed because background classification mode was set. See sk74120 for more information.

"loop.sawmilliner.com" is a C2 and malware site,as follow:

I have set classification mode to hold,why still show "background classification mode was set"

Thanks!

5 Replies

Re: Anti-Virus log prompt: "background classification mode was set"

You are looking to the wrong Software Blade. Threat Prevention is for downloads. For Site classification, you need AC and URL Filtering to be changed.  

0 Kudos
Yonghao_Gao
Nickel

Re: Anti-Virus log prompt: "background classification mode was set"

Thanks,but log match anti-virusblade.This behavior is in the DNS request phase.Can't it be blocked by tp at the DNS request stage?

0 Kudos

Re: Anti-Virus log prompt: "background classification mode was set"

Look here:

0 Kudos
Yonghao_Gao
Nickel

Re: Anti-Virus log prompt: "background classification mode was set"

Thanks,I will try it.

Re: Anti-Virus log prompt: "background classification mode was set"

Hi,

I have the same issue. I have put the URL filtering setting to Hold mode but still i am getting same logs of "It is allowed because background classification mode was set" in the logs.

0 Kudos