
Support Doc: Default policy changelog

VERSION 7
Created on: Dec 27, 2011 3:57 PM by Jon Scholten - Last Modified:  Oct 1, 2013 3:07 PM by Jon Scholten

Introduction

This article is intended to show the evolution of the "default policy" from version to version. As you upgrade your Web Gateway, the "default" rules cannot always be migrated to newer versions of themselves, as they may have been customized in some way to accommodate your environment. For simplicity's sake, I will highlight only bigger changes. The "Default policy" referred to in this document is the result of clicking "Default Policy" after a fresh installation:

1_defaultpolicybutton.png

Purpose

To provide you with an understanding of new rule sets and rules to apply to your configuration. This will also help in finding any configuration issues that were not solved by upgrades. Also, I feel that the default rule set provides a good framework for building your own rule sets, so it is important to monitor its changes.

Disclaimer

While I do work for McAfee, this is somewhat of an independent venture I took exploring the evolution of the changes to the Web Gateway rule sets. Let me know if you see any errors or room for improvement as this is a work in progress.

Terminology

The terminology used in this document rests on a few fundamental items. The basics are listed below; for further reading, check out the upgrade guide:

 

  • Rule set - Refers to the container objects located under the "Rule sets" tab. The rule set criteria specifies the scope of the container.

          12_ruleset.png

  • Rule - Refers to a sub-item within a rule set. A rule lets you take action based on its own criteria; it also inherits the criteria of its parent rule set.

          13_rule.png

  • Cycle - Rules are organized in rule sets and processed in cycles for dealing with requests and responses sent and received in web traffic, as well as with objects that can be embedded in these requests and responses. If certain cycles are disabled for a rule set, then the rule set will not apply to that cycle.

          11_cycle.png

  • Property - A value filled in by the Web Gateway that rule criteria are evaluated against.

          14_properties.png

  • Operator - Used for comparing properties against defined values/lists.

          15_operator.png

  • Action - Action to take if rule criteria is matched.

          16_action.png

  • Event - Perform said event if rule criteria is matched.

          17_event.png

Previewing rulesets

To preview the rulesets I would recommend using the Policy Viewer tool which can be obtained here: https://community.mcafee.com/docs/DOC-2110

 

18_fileopen_2012-04-25_142931.png

Changes from 7.0.1 to 7.0.2

Rule Sets

    • No significant changes.
    • Not evaluated yet.

Log Handler

    • Affected ruleset: Access Log, Action: Rule modified, Affected rule: Write access.log
      • In 7.0.1 the rule event referenced: String.ReplaceIfEquals(Number.ToString(Body.Size),"","-")
      • In 7.0.2 the rule event references: String.ReplaceIfEquals(Number.ToString(BytesToClient),"","-")
      • Reason: Body.Size does not accurately report bytes sent by Web Gateway to the client, therefore BytesToClient was created.
      • Note: This is not something that can be fixed by upgrading; you must correct this manually.
    • Affected ruleset: Access Log, Action: Rule modified, Affected rule: Write access.log
        • In 7.0.1 the rule event referenced: Header.Get("User-Agent")
        • In 7.0.2 the rule event references: Header.Request.Get("User-Agent")
        • Reason: The User-Agent header only exists in the Request cycle, therefore it should be logged as such.
        • Note: This is not something that can be fixed by upgrading; you must correct this manually.

    Error Handler

      • Affected ruleset: Block on URL Filter Errors, Action: Rule added
        • Name: Failopen on Connection Problems to the Cloud
        • Rule criteria: Error.ID equals 15003
        • Action: Stop Rule Set
        • Reason: If there were problems connecting to the Cloud server for categorization, customers wanted the option to fail open.
        • Note: This ruleset was removed in 7.1.0.0 and is no longer needed; it has been addressed in the settings for URL Filter.

    Lists

      • Affected list: Default known certificate authorities, Action: CA removed
        • Name: Microsoft Root Authority
      • Affected list: Antimalware URL Whitelist, Action: Removed entry

        • Affected entries:

          • *akvideos.*metacafe.com

      • Affected list: Antimalware URL Whitelist, Action: Modified entries

        • Affected entries:

          • *.dailymotion.com

          • *.videos.pp2g.tv

          • *.r.hulu.com

          • *.lvideos.5min.com

          • *.video.google.com

        • Reason: Modified to include "*." (i.e. *example.com was changed to *.example.com)
      • Affected list: Response URL Host Without Path Whitelist, Action: Modified entries

        • Affected entries:

          • *.mc[0-9].coveritlive.com

          • *.ameritrade[0-9][0-9].streamer.com

          • *.gva.rapid.reuters.com

          • *.microsoft.com

        • Reason: Modified to include "*." (i.e. *example.com was changed to *.example.com)
      • Affected list: Response Whitelist List, Action: Modified entries

        • Affected entries:

          • *.streamerapi.finance.yahoo.com

          • *.balancer[0-9]*.netdania.com

        • Reason: Modified to include "*." (i.e. *example.com was changed to *.example.com)
      • Affected list: Response Whitelist List, Action: Added entries

        • Affected entries:

          • *.ameritrade[0-9][0-9].streamer.com

          • *.gva.rapid.reuters.com

          • *.mc[0-9].coveritlive.com
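
An audit of list entries for the missing "*." boundary described in the reasons above, added here as an illustration (it is not McAfee's code and not part of the original document). It assumes Web Gateway wildcard entries behave like whole-string shell globs; the function names and the sample list are constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample list: the page's "*example.com" illustration of the old
# style, next to entries in the corrected "*." form from the changelog.
SAMPLE_ENTRIES = [
    "*example.com",
    "*.dailymotion.com",
    "*.mc[0-9].coveritlive.com",
    "*.balancer[0-9]*.netdania.com",
]

GLOB_META = set("*?[]")


def host_matches(entry, host):
    """Whole-string glob match of a host name against one list entry.

    Assumption: list entries behave like shell globs ('*', '?', '[0-9]').
    """
    return fnmatchcase(host.lower(), entry.lower())


def missing_label_boundary(entry):
    """True for '*example.com' style entries, where '*' runs into a label."""
    return entry.startswith("*") and not entry.startswith("*.")


def audit_entry(entry):
    """Describe one entry: is it flagged, what would fix it, what changes."""
    base = entry.lstrip("*").lstrip(".")
    literal = not (GLOB_META & set(base))
    flagged = missing_label_boundary(entry)
    suggested = "*." + base if flagged else entry
    finding = {"entry": entry, "flagged": flagged, "suggested": suggested,
               "overmatch_example": None, "bare_domain_lost": None}
    if literal:
        # A host that only shares the trailing characters, not the label.
        lookalike = "unrelated" + base
        if host_matches(entry, lookalike) and not host_matches(suggested, lookalike):
            finding["overmatch_example"] = lookalike
        # "*.example.com" needs at least one label in front of the dot, so
        # the bare domain stops matching once the entry is corrected.
        finding["bare_domain_lost"] = (host_matches(entry, base)
                                       and not host_matches(suggested, base))
    return finding


def audit(entries):
    """Audit every entry of a list export, in order."""
    return [audit_entry(entry) for entry in entries]


if __name__ == "__main__":
    for finding in audit(SAMPLE_ENTRIES):
        print(finding)
```

Where `bare_domain_lost` is true, the corrected entry no longer covers the domain itself under these glob semantics, so check whether a separate entry for the bare host is needed.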

    Changes from 7.0.2 to 7.1.0

    Rule Sets

      • Affected ruleset: SSL Scanner > Handle CONNECT Call, Action: Rule deleted, Affected rule: Enable certificate verification without EDH for hosts in No-EDH Server list

        • Reason: Rule set was not used very often.

      • Affected ruleset: SSL Scanner > Certificate Verification > Verify Common Name (Proxy Setup), Action: Rule criteria modified, Affected rule: Enabled Allow Alternative Common Names

        • In 7.0.2.0, criteria was: URL.Host is in list SSL.Server.Certificate.AlternativeCNs

        • In 7.1.0.0, criteria is: URL.Host matches in list SSL.Server.Certificate.AlternativeCNs

        • Reason: The property SSL.Server.Certificate.AlternativeCNs holds wildcard expressions, so the "matches in list" operator is required.

      • Affected ruleset: SSL Scanner > Certificate Verification > Verify Common Name (Transparent Setup), Action: Rule criteria modified, Affected rule: Enabled Allow Alternative Common Names

        • In 7.0.2.0, criteria was: URL.Host is in list SSL.Server.Certificate.AlternativeCNs

        • In 7.1.0.0, criteria is: URL.Host matches in list SSL.Server.Certificate.AlternativeCNs

        • Reason: The property SSL.Server.Certificate.AlternativeCNs holds wildcard expressions, so the "matches in list" operator is required.

      • Affected ruleset: Common Rules > Handle Special Sites, Action: Criteria modified, Affected rule: Allow URLs That Match in List Response Whitelist in Cycle Response

        • Criteria was removed in 7.1 Cycle.TopName equals "Response"

        • Reason: Rule set only applies to responses, so additional criteria was redundant.

          • Affected ruleset: Common Rules > Handle Special Sites, Action: Criteria modified, Affected rule: Some update tools don't support persistent connections

            • In 7.0.2 the rule was:

              • Name: Some update tools don't support persistent connections

                • Criteria: Always

                • Action: Continue

                • Event: Workaround<Don't keep connection to client persistent>

            • In 7.1.0 the name changed as well as the criteria:

              • Name: Handle Update Tools That Do Not Support Persistent Connections

                • Criteria: Header.Request.Get("User-Agent") is in list Special Update Tools (Non-Persistent)°

                • Action: Continue

                • Event: Workaround<No Persistent Client Connections>

            • Reason: The rule was meant to have a limited scope and only apply to a small percentage of traffic; with it always enabled, issues ensued.

          • Affected ruleset: Common Rules > Handle Special Sites, Action: Criteria modified, Affected rule: Some clients don't support chunk encoding

            • In 7.0.2 the rule was:

              • Name: Some clients don't support chunk encoding

                • Criteria: Always

                • Action: Continue

                • Event: Workaround<Client does not support chunk encoding>

            • In 7.1.0 the name was changed as well as the criteria:

              • Name: Handle Update Tools That Do Not Support Chunk Encoding

              • Criteria: Header.Request.Get("User-Agent") is in list Special Update Tools (No Chunk Encoding)°

              • Action: Continue

              • Event: Workaround<Use No Chunk Encoding>

            • Reason: The rule was meant to have a limited scope and only apply to a small percentage of traffic; with it always enabled, performance issues ensued.

          • Affected ruleset: Authenticate and Authorize, Action: Ruleset removed from default policy

            • Reason: Having the authentication ruleset included by default caused confusion; customers are now expected to import the necessary authentication ruleset from the Rule Set library.

          • Affected ruleset(s): Content Filter for ... > URL Filtering | Media Type Filtering, Action: Rulesets moved

            7020-to-7100.png

              • Affected ruleset(s): Content Filter for ... > URL Filtering, Action: Rule added

                • Name: Allow Uncategorized URLs

                • Criteria: List.OfCategory.IsEmpty(URL.Categories<Default>) equals true

                • Action: Stop Rule Set

                • Event: None

                • Reason: There weren't any examples of how to handle uncategorized sites correctly. This rule demonstrates how to correctly handle uncategorized URLs.

              • Not evaluated yet.

            Log Handler

              • No changes.

            Error Handler

              • Affected Ruleset: Handle Update Incidents, Action: Criteria modified, Affected Rule: Send Email on Error

                • In 7.0.2 criteria was: Incident.ID equals 301 OR Incident.ID equals 302 OR Incident.ID equals 303 OR Incident.ID equals 299

                • In 7.1.0 criteria is: Incident.ID equals 301 OR Incident.ID equals 302

                • Reason: Incident IDs 299 and 303 are now obsolete.

              • Affected Ruleset: Block on URL Filter Errors, Action: Rule removed, Affected Rule: Failopen on Connection Problems to the Cloud

                • Reason: As stated above, the error handling has been moved to the URL Filter settings (Policy > Settings > URL Filter).

            Lists

              • Affected list: Default known certificate authorities, Action: CA added
                • Name: Entrust.net Certification Authority (2048)
                • Name: RSA Security 2048 V3
              • Affected list: Default known certificate authorities, Action: CA removed
                • Name: TC TrustCenter Class 4 CA
              • Affected list: Response Whitelist List, Action: Entries removed
                • Affected entries:
                  • *.ameritrade[0-9][0-9].streamer.com ameritrade[0-9][0-9].streamer.*/
                  • *.gva.rapid.reuters.com gva.rapid.reuters.*/
                  • *.mc[0-9].coveritlive.com mc[0-9].coveritlive*

            Changes from 7.1.0 to 7.1.5

            Rule Sets

              • Affected ruleset: Gateway Anti-Malware, Action: Rule moved, Affected rule: Remove Partial Content for HTTP(s) Requests

                  • New location: Fourth rule in ruleset.

                  • Reason: Customers did not want partial content header stripped if URL was added to whitelists within Gateway Anti-Malware.

                • Affected ruleset: Gateway Anti-Malware, Action: Rule moved, Affected rule: Block Partial Content for FTP Requests

                  • New location: Fifth rule in ruleset.

                  • Reason: Customers did not want partial downloads blocked if URL was added to whitelists within Gateway Anti-Malware.

                • Not evaluated yet.

              Log Handler

                • No changes.

              Error Handler

                • Affected Ruleset: Handle Update Incidents, Action: Rule set criteria changed

                  • In 7.1.0 rule set criteria was: Incident.OriginName equals "Updater" OR Incident.ID equals 299 OR Incident.ID equals 298

                  • In 7.1.5 rule set criteria is: Incident.OriginName equals "Updater" OR Incident.ID equals 851 OR Incident.ID equals 850 OR Incident.ID equals 1051 OR Incident.ID equals 1050 OR Incident.ID equals 941 OR Incident.ID equals 940 OR Incident.ID equals 1650 OR Incident.ID equals 1651

                • Affected Ruleset: Handle Update Incidents, Action: Rule criteria changed, Affected rule: Send Email on Error

                  • In 7.1.0 rule criteria was: Incident.ID equals 301 OR Incident.ID equals 302

                  • In 7.1.5.0 rule criteria was: Incident.ID equals 301 OR Incident.ID equals 302 OR Incident.ID equals 305 OR Incident.ID equals 851 OR Incident.ID equals 1051 OR Incident.ID equals 941 OR Incident.ID equals 1651

                  • Affected Ruleset: Block on All Errors, Action: Rule added

                    • Name: Ignore Mail Bomb Warning

                      • Criteria: Error.ID equals 10063

                      • Action: Stop Rule Set

                      • Event: Block<Internal Error>

                Lists

                  • Affected list: Response URL Host Without Path Whitelist, Action: Entry modified

                    • Affected entries:

                      • In 7.1.0 entry was: *.windowsupdates.com

                      • In 7.1.5 entry was: *.windowsupdate.com

                    • Reason: Spelling mistake.

                    • Note: Please check for this if running anything lower than 7.1.0.0; this should be corrected automatically when you upgrade (fixed in 7.1.0.1 and 7.1.5).

                Changes from 7.1.5 to 7.1.6

                Rule Sets

                  • Affected ruleset: SSL Scanner > Handle CONNECT Call, Action: Rule criteria modified, Affected rule: Restrict Destination Port to Allowed CONNECT Ports

                    • In 7.1.5, criteria was: URL.Port is not in list Allowed CONNECT Ports

                    • In 7.1.6, criteria is: URL.Port is not in list Allowed CONNECT Ports AND Connection.Protocol.IsIM equals false

                    • Reason: IM CONNECT requests should not be limited by port.

                  • Affected ruleset: SSL Scanner > Verify Common Name (Transparent Setup), Action: Rule criteria/name modified, Affected rule: Block Incident

                    • In 7.1.5, name was: Block Incident

                    • In 7.1.5, criteria was: Always

                    • In 7.1.6, name is: Block if Certificate is not in Certificate White List

                    • In 7.1.6, criteria is: SSL.Server.Certificate.HostAndCertificate is not in list Certificate White List°

                    • Reason: If an item was added to the "Certificate White List" it will not be blocked due to common name mismatches.

                  • Affected ruleset: Media Type Filtering, Action: Rule added

                    • Name: Perform Streaming Detection

                      • Criteria: Cycle.Name equals "Response" AND StreamDetector.IsMediaStream<Default Streaming Detection> equals true

                      • Action: Continue

                      • Event: None

                    • Reason: Streaming detection was added in 7.1.6, this helps with identifying streams and helps ensure good end-user experience.

                    • Applies to: Only possible in 7.1.6+.

                    • Note: Later rules depend on this rule.

                  • Affected ruleset: Media Type Filtering > Download Media Type, Action: Rules added (disabled)

                    • Name: Block Not Detectable Data

                      • Criteria: List.OfMediaType.IsEmpty(MediaType.EnsuredTypes) equals true

                      • Action: Block<Media Type (Not Detected)>

                    • Name: Block Not Supported Archives

                      • Criteria: MediaType.EnsuredTypes at least one in list Archives AND MediaType.HasOpener equals false

                      • Action: Block<Not Supported Archive>

                    • Name: Block Multimedia Files

                      • Criteria: MediaType.EnsuredTypes at least one in list Audio OR MediaType.EnsuredTypes at least one in list Video

                      • Action: Block<Media Type (Common)>

                    • Name: Block Streaming Media

                      • Criteria: MediaType.EnsuredTypes at least one in list Streaming media

                      • Action: Block<Media Type (Common)>

                    • Reason: Provides examples of blocking files in new ways.

                  • Affected ruleset: Gateway Anti-Malware, Action: Rule disabled and list emptied, Affected rule: Allow URL Hosts That Matches in List Anti-Malware URL Whitelist

                    • Reason: New streaming detection rules obsoleted the need for the list entries.

                  • Affected ruleset: Gateway Anti-Malware, Action: Rule removed, Affected rule: Allow Streaming Media From List Anti-Malware Media Type Whitelist

                    • Reason: New streaming detection rules obsoleted the need for the list entries.

                  • Affected ruleset: Gateway Anti-Malware, Action: Rule added

                    • Name: Skip on Streaming Media

                      • Criteria: Cycle.Name equals "Response" AND StreamDetector.IsMediaStream<Default Streaming Detection> equals true

                      • Action: Stop Rule Set

                      • Event: None

                    • Reason: Replaces "Allow Streaming Media From List Anti-Malware Media Type Whitelist".

                    • Note: Only applicable in 7.1.6 due to use of streaming detection properties.
                  • Not evaluated yet.

                Log Handler

                  • No changes.

                Error Handler

                  • Affected ruleset: Long Running Connections, Action: Rule added

                    • Name: Keep IM Connection Alive for six Days

                      • Criteria: Connection.Protocol.IsIM equals true AND Connection.RunTime less than 518400

                      • Action: Stop Cycle

                      • Event: None

                    • Reason: IM connections need to be kept open longer than normal connections.

                  • Affected ruleset: Block on Anti-Malware Engine Errors, Action: Rule added

                    • Name: Block on Internal Anti-Malware Engine Errors

                      • Criteria: Error.ID equals 14002

                      • Action: Block<Internal Anti-Malware Engine Error>

                      • Event: None

                    • Reason: Added to provide a better block template in the event of an internal AV error.

                  Lists

                    • Affected list: Default known certificate authorities, Action: CAs added/removed

                      • In 7.1.5 there were 103 entries.

                      • In 7.1.6 there are 286 entries.

                      • 183 added, 27 removed.

                      • Reason: Modified to reflect what is stored by default in popular browsers.

                      • See attachment "716_CAs.lists.zip" if you wish to import the full list that is present in version 7.1.6. I suggest importing as a new list (only available on 7.1.6).

                  1_import_716.png

                    • Affected list: Anti-Malware URL Whitelist, Action: List emptied

                      • Reason: Obsoleted by streaming detection added in 7.1.6.

                   

                  Changes from 7.1.6 to 7.2.0

                  Rule Sets

                    • Affected ruleset: Media Type Filtering, Action: Rule removed, Affected rule: Enabled Perform Streaming Detection
                      • Reason: As of 7.1.6.1 the call to streaming detection is now implicit, so a rule to call it explicitly is no longer needed.
                    • Affected ruleset: SSL Scanner > Certificate Verification, Action: New feature added (subscribed lists), so all rules reference a McAfee Maintained list of CAs.
                      • In 7.1.6, the list selection looked like:

                                                7160-7200_certveri-before.png

                      • In 7.2.0, the list selection looks like what you see below:

                                                7160-7200_certveri-after.png

                      • Reason: With this new feature, you as an admin do not have to worry about expired certificate authorities causing users to get blocked. Prior to this feature, certificate authorities on the Web Gateway could only be updated through software upgrades (from version to version).
                      • How to put this in place (can be done in two steps):
                        • Create the subscribed list: go to Policy > Lists and click the "Add" button:

                                                          7160-7200_cas-create.png

                        • Reference the subscribed list in the configuration: go to Policy > Settings > Engines > Certificate Chain > Default, then update the options to reference the list created above.

                   

                    • Not evaluated yet.

                  Log Handler

                    • Affected ruleset: Access Log, Action: Rule modified, Affected rule: Write access.log
                      • In 7.1.6 the event "Set User-Defined.logLine" was set to the following:

                                                7160-7200_logging-before.png

                      • In 7.1.6 the log header value in the event configuration of "Access Log Configuration" was:

                   

                  time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client "user_agent" "virus_name" "block_res"
                  
                      • In 7.2.0 the event "Set User-Defined.logLine" was changed to the following (BytesFromClient and Application Control fields were added):

                                                7160-7200_logging-after.png

                      • In 7.2.0 the log header value in the event configuration of "Access Log Configuration" is:

                   

                  time_stamp "auth_user" src_ip status_code "req_line" "categories" "rep_level" "media_type" bytes_to_client bytes_from_client "user_agent" "virus_name" "block_res" "application_name"
                  
                      • Reason: New values were added as new features were added (in the case of Application control).
                      • Note: This is not something that can be fixed by upgrading; you must correct this manually or reimport the log from the rule library.
                    • Affected ruleset: Access Denied Log, Action: Ruleset added
                      • Reason: There was growing demand for the Web Gateway to have it in the default ruleset. It was previously available in the ruleset library.
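
A header-driven parser for the two access.log layouts listed above, added here as an illustration (it is not McAfee's code and not part of the original document). The field names come from the two log headers; the sample lines are constructed, and the bracketed time_stamp format is an assumption.

```python
import re

# Header strings copied from the changelog above.
HEADER_716 = ('time_stamp "auth_user" src_ip status_code "req_line" "categories" '
              '"rep_level" "media_type" bytes_to_client "user_agent" '
              '"virus_name" "block_res"')
HEADER_720 = ('time_stamp "auth_user" src_ip status_code "req_line" "categories" '
              '"rep_level" "media_type" bytes_to_client bytes_from_client '
              '"user_agent" "virus_name" "block_res" "application_name"')

# Constructed sample lines (not real traffic). Assumption: time_stamp is
# written in square brackets and may contain a space.
LINE_716 = ('[01/Oct/2013:15:07:00 -0500] "jdoe" 10.0.0.5 200 '
            '"GET http://www.example.com/ HTTP/1.1" "Business" "Minimal Risk" '
            '"text/html" 5120 "ExampleAgent/1.0" "" ""')
LINE_720 = ('[01/Oct/2013:15:07:00 -0500] "jdoe" 10.0.0.5 200 '
            '"POST http://www.example.com/upload HTTP/1.1" "Business" '
            '"Minimal Risk" "text/html" - 734 "ExampleAgent/1.0" "" "" ""')

# One token = bracketed timestamp, quoted string (may be empty), or bare word.
_TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')
NUMERIC_FIELDS = {"status_code", "bytes_to_client", "bytes_from_client"}


def header_fields(header):
    """Field names in order, with the quoting from the header removed."""
    return [name.strip('"') for name in header.split()]


def parse_line(line, header):
    """Map one access.log line onto the field names of the given header.

    Raises ValueError when the line does not fit the header, which is what
    happens when the logLine rule and the log header come from different
    versions.
    """
    names = header_fields(header)
    tokens = _TOKEN.findall(line)
    if len(tokens) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(tokens)}")
    record = {}
    for name, token in zip(names, tokens):
        if len(token) >= 2 and token[0] in '["' and token[-1] in ']"':
            token = token[1:-1]  # drop surrounding quotes or brackets
        if name in NUMERIC_FIELDS:
            # The default rule writes "-" when the number is empty.
            record[name] = None if token == "-" else int(token)
        else:
            record[name] = token
    return record


def detect_header(line, candidates=(HEADER_720, HEADER_716)):
    """Return the first candidate header that the line parses against."""
    for header in candidates:
        try:
            parse_line(line, header)
            return header
        except ValueError:
            continue
    return None


if __name__ == "__main__":
    for line in (LINE_716, LINE_720):
        rec = parse_line(line, detect_header(line))
        print(rec["req_line"], rec["bytes_to_client"], rec.get("bytes_from_client"))
```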

                  Error Handler

                    • Changes under analysis.

                  Lists

                    • Affected list: Default known certificate authorities, Action: List removed
                      • Reason: Rules now reference a subscribed list, so local list is not needed.

                  Changes from 7.2.0 to 7.3.0

                  Rule Sets

                    • Affected ruleset: SSL Scanner > Handle CONNECT Call, Action: Rule moved, Affected rule: Restrict Destination Port to Allowed CONNECT Ports
                      • In 7.2.0 the rule criteria was: SSL.Server.Certificate.HostAndCertificate is in list Certificate White List°
                      • In 7.3.0 the rule criteria is: (Connection.SSL.TransparentCNHandling equals false AND SSL.Server.Certificate.HostAndCertificate is in list Certificate White List°) OR (Connection.SSL.TransparentCNHandling equals true AND SSL.Server.Certificate.OnlyCertificate is in list Certificate White List°)
                      • Reason: Additional criteria accounts for transparent setups where whitelisting of the certificate is necessary.
                    • Affected ruleset: Common Rules > Restrict CONNECT Ports, Action: Ruleset added
                      • Criteria: Command.Name equals "CONNECT" AND Connection.Protocol.IsIM equals false
                      • Reason: Restricting CONNECT ports would not have applied if the SSL scanner was disabled. Movement of this rule improves security.
                    • Affected ruleset: SSL Scanner > Handle CONNECT Call, Action: Rule moved, Affected rule: Restrict Destination Port to Allowed CONNECT Ports
                      • In 7.2.0 the rule was located under: SSL Scanner > Handle CONNECT Call
                      • In 7.3.0 the rule is located under: Common Rules > Restrict CONNECT Ports
                      • Note: I recommend putting this in place if you do not have it already.
                    • Affected ruleset: Common Rules > Restrict CONNECT Ports, Action: Rule added, Affected rule: Allow Sending Back HTTPS Block Page
                      • Criteria: SSL.ClientContext.IsApplied equals false
                      • Reason: Without this rule, sending of the blockpage is not possible for HTTPS sites (that are blocked).
                    • Affected ruleset: Common Rules > Restrict CONNECT Ports, Action: Rule added, Affected rule: Restrict Destination Port to Allowed CONNECT Ports
                      • Criteria: Always
                      • Reason: This rule will only trigger if a user is attempting to issue a CONNECT command and access a site not on port 443. This improves security for those not using the SSL scanner (as mentioned above).

                   

                  7300_restrict_connect_ports.png

                   

                   

                    • Not evaluated yet.

                  Log Handler

                    • No changes.

                   

                  Error Handler

                    • Affected ruleset: Block on Anti-Malware Engine Errors, Action: Rule modified, Affected rule: Block on Internal Anti-Malware Engine Errors
                      • In 7.2.0 the rule criteria was: Error.ID equals 14002
                      • In 7.3.0 the rule criteria is: Error.ID greater than or equals 14002 AND Error.ID less than or equals 14050
                      • Reason: New error codes were added for the Anti-Malware engine.
                    • Affected ruleset: Application Control Filter Errors, Action: Ruleset added
                      • Criteria: Error.ID greater than or equals 27000 AND Error.ID less than 28000
                      • Reason: Previously, Application Control errors were handled by the catch-all "Block on All Errors".
                    • Affected ruleset: Application Control Filter Errors, Action: Rule added, Affected rule: Application Control Engine Not Loaded
                      • Criteria: Error.ID equals 27001
                    • Affected ruleset: Application Control Filter Errors, Action: Rule added, Affected rule: All Other Application Control Engine Errors
                      • Criteria: Always

                   

                  Lists

                    • No significant changes.

                   

                  Changes from 7.3.0 to 7.3.1

                  Rule Sets

                    • Affected ruleset: Dynamic Content Classification, Action: Ruleset added
                      • Reason: In 7.3.1 a new feature was introduced which allows the Web Gateway to dynamically categorize (English) web sites. This new ruleset demonstrates how one can leverage this new functionality in a very basic way.
                      • How to import:  You can find the ruleset in the ruleset library under URL Filter > Dynamic Content Classification.
                    • Not evaluated yet.

                  Log Handler

                    • No changes.

                  Error Handler

                    • No changes.

                  Lists

                    • No changes.

                   

                  Changes from 7.3.1 to 7.3.2

                  Rule Sets

                  • Affected ruleset: Common Rules > Progress Indication, Action: Ruleset updated

                    • Reason: In 7.3.2, FTP upload progress indication was added. This allows FTP clients to receive status information of the upload to the server.

                    • How to import:  You can find the ruleset in the ruleset library under Common Rules > Progress Indication.

                    • Screenshot:

                   

                  7320_progressindication.png

                   

                    • Affected ruleset: Gateway Anti-Malware, Action: Event added to rule, Affected rule: Enabled Skip on Streaming Media (renamed to "Enabled Start Media Stream Scanner on Streaming Media and Skip Anti-Malware Scanning")
                      • Reason: In 7.3.2, Media Stream Scanning has been added such that streaming media files can still be scanned by the Anti-Malware engine without interruption.
                      • Screenshot:

                  73200_streamscanner.png

                   

                  Log Handler

                    • No changes.

                  Error Handler

                    • No changes.

                  Lists

                    • Affected list: Response Whitelist, Action: Entry updated

                      • In 7.3.1 the list entry was: regex((.*\.)?streamerapi\.finance\.yahoo\.com)

                      • In 7.3.2 the list entry is: regex((?:.*\.)?streamerapi\.finance\.yahoo\.com)

                   

                   

                  Changes from 7.3.2 to 7.4.0

                  Rule Sets

                    • No changes.

                  Log Handler

                    • No changes.

                  Error Handler

                    • No changes.

                  Lists

                    • Affected list: Anti-Malware Media Type Whitelist, Action: List deleted

                      • Reason: No longer in use in rules.
