My proxy only scans the download of some files

Hello Community!

I have the following problem:

I am configuring a Web Gateway from scratch, and I would like to know which rule by default makes the proxy scan any file that is being downloaded, because in my case the proxy scans some files and not others. In particular, files smaller than 200 MB are always ignored.

If I try to download a small file, the scanner is skipped (and it should not be), since that site is not in my whitelist. (I also disabled the whitelist rule, and it still skips the scanner all the same.)

I leave screenshots of my problem and my rules:

This is the download of a small file:

[Screenshots: captura2.png, captura1.png, configuracion.GIF]

Accepted Solutions

McAfee Employee
Message 3 of 13

Re: My proxy only scans the download of some files

Hi Gabriel,

Hope you are doing well.

It looks like you don't have SSL Scanning enabled on the device. In order for MWG to look into HTTPS traffic, SSL inspection should be done by MWG.

For customers who are not using the SSL Scanner, there are still cases where the Web Gateway may need to ‘interact’ with the SSL connection. One example is if we need to issue a block page to an HTTPS request. If the Web Gateway is not configured to interact with the SSL connection, it will issue an HTTP block page in response to that HTTPS browser request. As a result, your browser will display an error, or a “Page Cannot Be Displayed”.

Also make sure the certificate you are using for SSL Scanning is trusted by the client machines.

IMPORTANT: In order to display a block page or send a redirect, Web Gateway must have Client Context set somewhere in the rule.

Please refer to the link below for more information:

https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-quot-Client-Context-quot/ta-p/55...

Regards

Alok Sarda

McAfee Employee
Message 12 of 13

Re: My proxy only scans the download of some files

Hi Gabriel,

You can create a service request from the support portal using the link below:

https://support.mcafee.com/ServicePortal/faces/wcnav_defaultSelection?_afrLoop=1904624982167000&_afr...

Click on Service Requests -> Create a service request tab.

Regards

Alok Sarda

12 Replies

Re: My proxy only scans the download of some files

I think my problem is that it does not scan any file that comes through HTTPS. The same thing happens when I block sites: if I block a web page that uses HTTPS, the proxy blocks it, but it does not show me the "Template" that I associated with the blocking rule :(

feickholt
Level 10
Message 4 of 13

Re: My proxy only scans the download of some files

As I understand it, the problem here is that small files are apparently not being scanned by the AV scanner. I suspect there's been a little misunderstanding. I suspect that small files are also examined, but this is so fast that the progress page is not displayed. Then the download is transparent for the user. You can create a log entry in the AV Ruleset which writes all analyses into a logfile. Alternatively, you can download the EICAR Download Sampler. This is very small (<1K) and should create a block page. Then you can see if the AV scanner also works with small files.

Re: My proxy only scans the download of some files

Hello friend, thanks for your response. But I am sure that the files are not being analyzed, because at the moment of downloading they use tools that are applied through "Rule tracing central" ... and that they do not do when I download sites. HTTPS does not apply the scan rule, nor does it block the .exe (which is another rule I have created).

I lean more toward the theory of "aloksard", who tells me that I must activate the SSL analysis (which I already have active, but I may not have configured the rules well).

Regards :)

Re: My proxy only scans the download of some files

Hi, I have enabled the SSL Scanner and the Client Context as suggested, but I still have the same problem: when I go to a page that is blocked, it does not show me the MWG template that I have associated with that rule.

I leave screenshots of the rules that I created and the error that I get.

P.S.: I still have the problem that it does not scan .exe files that come from HTTPS pages.

[Screenshots: ssl scanner1.PNG, ssl scanner2.PNG, Error Firefox 2.PNG, Error Firefox.PNG]

McAfee Employee
Message 8 of 13

Re: My proxy only scans the download of some files

Hi Gabriel,

Hope you are doing well. Thanks for the update here.

Looking at the screenshot, it is seen that the user is getting a certificate error. If you click on more details of the certificate, you should see more about the error.

After enabling SSL Scanner, did you import the certificate into the client's machine so that the certificate can be trusted? It looks like the certificate used for SSL Scanner is not present in the client's browser, due to which the issue is occurring.

If you click on more details of the certificate warning the user is getting, you should see an Unknown Issuer error if this is the case.

You can export the certificate from the Default CA SSL client context setting and then import it into the user's machine browser.

Please refer to the link below for deploying the certificate to client machines:

https://community.mcafee.com/t5/Documents/Web-Gateway-Deploying-a-trusted-CA-to-your-Clients/ta-p/55...

Request you to import the certificate in the user's browser and then check if you are successfully seeing the block page for the HTTPS website which is being blocked by MWG.

Regards

Alok Sarda

Re: My proxy only scans the download of some files

Hello aloksard!

I have tried importing the certificate to the PC and part of this solution has worked for me, but I notice that when I block the HTTPS pages it does not show the URL on the blocking screen, and when I frame a URL by HTTP it does show it on the blocking screen. Why would this happen?

On the other hand, also note that the MWG continues to scan the files that come through HTTPS.

Here I leave captures of the situation:

[Screenshots: prueba1.PNG, Prueba2.PNG, Prueba3.PNG]

McAfee Employee
Message 10 of 13

Re: My proxy only scans the download of some files

Hi Gabriel,

Thanks for the update here. Glad to hear that we have made some progress here and now you are getting block page for HTTPS blocked website.

Modification to your SSL Scanner rule set is also required here to configure it properly.

Request you to raise a service request with McAfee Support and ping me the service request so that I can take ownership of the ticket and assist you further. Maybe we can have a quick WebEx session and get this resolved.

Regards

Alok Sarda