Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Suguru_Kawahara
Contributor

Whitelist for Anti-Virus

Hello,

I'm using the Anti-Virus function on the R77.30 appliance.
However, I want to exclude scan the file downloaded from a specific website.

Is there a way to solve this?
Can Anti-Virus function create URL whitelist?

If there is any other concern, please contact me.

Thanks,

Suguru

0 Kudos
3 Replies
Iain_Keir1
Contributor

Have you looked at using src/dst in the threat prevention policy to deliver a different AV policy for the source??

Looks like in R77.30 this can only be done by host/network IP but R80.10 allows domain.

Iain
CISSP
0 Kudos
Suguru_Kawahara
Contributor

Hi Iain,

Thanks for your reply.

Can I create a URL list that excludes AV scanning using "Creating Threat Prevention Sites"?

I will apply it to Policy and create rules to exclude AV scan of download files from certain URL sites.

All URL sites other than those listed above are scanned with AV.

Thanks,

0 Kudos
PhoneBoy
Admin
Admin

You can whitelist specific MD5s and URLs with an IoC file.

For the format of the file, refer to: ATRG: Anti-Bot and Anti-Virus 

Import the file, set the action to Inactive, install policy.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events