Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Amir_Rehman
Contributor
Jump to solution

Global Policy Exceptions

Any idea... How can I add exception for this ? I don't want to bypass the full Antivirus blade for this source.

There is not much information in the log .. Such as MD5 hash, protection name etc.

Capture.PNG

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

0 Kudos
7 Replies
TP_Master
Employee
Employee

Hi,

You can see the resource name on the upper-right corner. You can add an exception for that.

0 Kudos
tpoole_global
Employee
Employee

Use the URL under resource in the top right.

0 Kudos
Amir_Rehman
Contributor

Thanks ...

Do you mean I can add domain (.easel.inventable.com) in the exception ?

If yes, I tried to add global exception but could not find Url based domain in the destination field. Only Ip and subnets is the option.

Thanks,

Amir

0 Kudos
TP_Master
Employee
Employee
Not in the scope; in the column called "Protection/Blade/Site" -- you need to add the url as a "custom site" in that column (scope can be "Any")
Amir_Rehman
Contributor

Antivirus blade still catches it. Not sure why .

Capture1.PNGCapture2.PNG

0 Kudos
Timothy_Hall
Legend Legend
Legend

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Amir_Rehman
Contributor

Thank you for your Help.

Yes sk139292 did work .

# fw ctl set int g_ci_av_sft_classification_buffer_size 15000

Ciao

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events