morpheus
Level 7

Web Gateway v7.1.0.2.0 - HTTPS Eicar download was not blocked by WG??

Hi

New Web Gateway appliance re-imaged to v7.1.0.2.0, policy restored from virtual test environment from WG v7....something.

Using Web Gateway v7.1.0.2.0 I did some finishing off on my config (adding NTLM authentication) and final testing before going live but.....:

- Any reason why the Eicar test download page allowed me to download the HTTPS: eicar.com, txt, & both .zips? The first two HTTPS's were downloaded and detected by local McAfee AV, the latter I didn't test extraction but was able to download?

- The normal HTTP were all blocked by the Web Gateway.

- The default Gateway Antimalware section on the WG hasn't been changed.

- Trusted Cloud is not in use as I don't have this feature.

Message was edited by: morpheus on 20/06/11 16:46:23 IST

McAfee Employee

Is SSL scanning on? By default it is off.

~jon

morpheus
Level 7

Hi

See below my current settings, it looks like it's on to me but maybe there's something else I need to do?

McWG-AM01.jpg

McWG-AM02.jpg

McAfee Employee

At the top of your first screenshot, the ruleset is grayed out, meaning it is off.

The second shot shows the "engine" settings for SSL scanning, which are referenced in the "SSL scanner" ruleset in the first screenshot.

~Jon

morpheus
Level 7

Thanks Jon...I missed that.

I generated a new Default CA so the dates were up to date, didn't change any of the default Mc....content provided.

Eicar test for HTTPS now works as expected, WG gives the block message.

So I enabled the SSL and noticed that going to https://live.sagepay.com/mysage gave the IE prompt to continue to the website as there was a problem with the certificate, on continuing the IE address bar is red at the top and I see that McAfee is in the details of the certificate. I guess this is to be expected as I've probably not got this fully configured properly.

I put https://live.sagepay.com/mysage into the host tunnel list and this resolved the problem.

I attempted to do the same (tunnel) with www.paypal.com, which for me resolves to https://www.paypal.com/uk.....etc. But IE9 (haven't tried another browser) prompts at the bottom of the page: "Internet Explorer blocked this website from displaying content with security certificate errors." The address bar is green at this time as well. Clicking the prompt at the bottom enters paypal and all displays as expected.

Bypassing the proxy to paypal doesn't give the IE prompt.

- Is there a way to stop IE prompting, even though WG is tunneling this site?

- Also I may have other HTTPS sites used which I'm not aware of, so assuming the sage site above was one of those, what steps would be needed for me to get the sage site working if it wasn't tunneled?

McAfee Employee

Paypal doesn't serve all of its content from "paypal.com", so this may be what you are seeing. For example, some of the items are served from "paypalobjects.com".

The certificate prompts from IE only appear because you do not trust the Web Gateway's CA; as soon as you trust it, they will not appear.

~Jon

morpheus
Level 7

Hi Jon

Thanks for your help, I saved out my CA Certificate and configured to import via group policy.

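An added example (not part of the original thread and not McAfee code) for checking which hosts the gateway is SSL-scanning and which it is tunneling, by looking at who issued the certificate the client receives; it covers the case described in the thread where a tunneled page pulls content from a second host. The CA name, the sample certificates and all function names are assumptions constructed for illustration.

```python
import socket
import ssl

GATEWAY_CA_CN = "Example Web Gateway Root CA"  # assumption: CN of your own gateway CA

def issuer_cn(cert):
    """Issuer commonName from an ssl.getpeercert()-style dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def classify(cert, gateway_cn=GATEWAY_CA_CN):
    """'ssl-scanned' if the gateway re-signed the cert, else 'tunneled'."""
    return "ssl-scanned" if issuer_cn(cert) == gateway_cn else "tunneled"

def mismatched_resources(page_host, resource_hosts, certs):
    """Resource hosts handled differently from the page that embeds them."""
    page_state = classify(certs[page_host])
    return [h for h in resource_hosts if classify(certs[h]) != page_state]

def fetch_cert_via_proxy(host, proxy_host, proxy_port, gateway_ca_file):
    """Live check: CONNECT through the proxy and return the verified peer cert.
    Assumes the proxy accepts unauthenticated CONNECT (no NTLM handling here)."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=10)
    sock.sendall(f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode())
    status_line = sock.recv(4096).split(b"\r\n", 1)[0]
    if b" 200" not in status_line:
        sock.close()
        raise ConnectionError(f"proxy refused CONNECT: {status_line!r}")
    ctx = ssl.create_default_context()           # system trust store ...
    ctx.load_verify_locations(gateway_ca_file)   # ... plus the gateway CA
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.getpeercert()

def _cert(cn):  # builds a constructed issuer in getpeercert() layout
    return {"issuer": ((("organizationName", "Constructed"),), (("commonName", cn),))}

# Constructed sample: page host tunneled, its content host still SSL-scanned.
SAMPLE = {
    "www.paypal.com": _cert("Example Public CA"),
    "paypalobjects.com": _cert(GATEWAY_CA_CN),
    "live.sagepay.com": _cert("Example Public CA"),
}

if __name__ == "__main__":
    for host, cert in SAMPLE.items():
        print(f"{host:22} {classify(cert)}")
    print("handled differently from page:",
          mismatched_resources("www.paypal.com", ["paypalobjects.com"], SAMPLE))
```

A content host reported as `ssl-scanned` under a `tunneled` page is the combination that produces certificate warnings on clients that do not yet trust the gateway CA.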