2 Replies Latest reply on Jan 13, 2012 3:24 PM by jkeranen

    Sidewinder firewall blocking all Adobe downloads.......saying virus scanner detected policy violation

    jkeranen

      Does anybody know how I can get my Sidewinder firewall to allow downloads from Adobe for Flash Player and such? Any help is appreciated. Thanks.

        • 1. Re: Sidewinder firewall blocking all Adobe downloads.......saying virus scanner detected policy violation
          sliedl

          What policy violation is it saying it's hitting?  Is it saying it's an encrypted file?

           

          My response here is from our internal community, about this same issue.  See if this fixes your problem:

           

           

          I set up HTTP to scan .exe files.  In the Application Defenses -> Virus Scanning section I have Scan Encrypted Files unchecked.  When I tried to download this file I got this audit message:

           

          Dec 23 13:00:52 2011 CST  f_http_proxy a_proxy t_attack p_major
          pid: 27499 ruid: 0 euid: 0 pgid: 27499 logid: 0 cmd: 'httpp'
          domain: htpp edomain: htpp hostname: sw1.fwdomain.com
          category: policy_violation event: virus scanner attack
          netsessid: 4ef4cfe3000c340c srcip: 10.11.1.2 srcport: 3214 srcburb: internal
          dst_local_port: 80 protocol: 6 src_local_port: 0 dstip: 206.169.246.168
          dstport: 80 dstburb: external attackip: 206.169.246.168 attackburb: external
          reason: The virus scanner detected a policy violation and denied the request.
          information: aihdownload.adobe.com/bin/install_flashplayer10x32ax_gtbd_aih.exe - File was encypted.

           

           

          I then went and checked the Scan Encrypted Files checkbox in the Virus Scanning section.  Now I can download the file just fine:

           

          (There are about 50 of these audit messages)


          Dec 23 13:01:46 2011 CST  f_vscan a_server t_info p_major
          pid: 41852 ruid: 0 euid: 0 pgid: 41844 logid: 0 cmd: 'scanner'
          domain: SCDN edomain: SCDN hostname: sw1.fwdomain.com
          +|scanner|INFO|MAJOR|VSCAN|SERVER
          =File was encrypted, allowed.


          Dec 23 13:01:46 2011 CST  f_vscan a_server t_info p_major
          pid: 41852 ruid: 0 euid: 0 pgid: 41844 logid: 0 cmd: 'scanner'
          domain: SCDN edomain: SCDN hostname: sw1.fwdomain.com
          +|scanner|INFO|MAJOR|VSCAN|SERVER
          =File was encrypted, allowed.


          (And now it's letting the download proceed)

           

          Dec 23 13:01:47 2011 CST  f_http_proxy a_proxy t_http_req p_major
          pid: 27499 ruid: 0 euid: 0 pgid: 27499 logid: 0 cmd: 'httpp'
          domain: htpp edomain: htpp hostname: sw1.fwdomain.com srcip: 10.11.1.2
          dstip: 206.169.246.168 request_command: GET
          url: aihdownload.adobe.com/bin/install_flashplayer10x32ax_gtbd_aih.exe
          result_code: 200 bytes_written_to_client: 776397 netsessid: 4ef4cfe500007e46
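
The audit records in the reply above can be triaged with a short script. This is an added example, not part of the original thread or of the firewall's own tooling: it parses records in the layout shown there, picks out virus-scanner policy violations caused by an encrypted file, and checks whether the same client later fetched the same URL. The function names are hypothetical, and the sample records are copied from the post and trimmed to the fields used.

```python
import re

# Audit records copied from the post above, trimmed to the fields used here.
SAMPLE = """\
Dec 23 13:00:52 2011 CST  f_http_proxy a_proxy t_attack p_major
pid: 27499 ruid: 0 euid: 0 pgid: 27499 logid: 0 cmd: 'httpp'
category: policy_violation event: virus scanner attack
netsessid: 4ef4cfe3000c340c srcip: 10.11.1.2 srcport: 3214 srcburb: internal
dstport: 80 dstburb: external attackip: 206.169.246.168 attackburb: external
reason: The virus scanner detected a policy violation and denied the request.
information: aihdownload.adobe.com/bin/install_flashplayer10x32ax_gtbd_aih.exe - File was encypted.

Dec 23 13:01:47 2011 CST  f_http_proxy a_proxy t_http_req p_major
pid: 27499 ruid: 0 euid: 0 pgid: 27499 logid: 0 cmd: 'httpp'
domain: htpp edomain: htpp hostname: sw1.fwdomain.com srcip: 10.11.1.2
dstip: 206.169.246.168 request_command: GET
url: aihdownload.adobe.com/bin/install_flashplayer10x32ax_gtbd_aih.exe
result_code: 200 bytes_written_to_client: 776397 netsessid: 4ef4cfe500007e46
"""

# "key: value" pairs; a value runs until the next "key: " or the end of the record.
FIELD = re.compile(r"(\w+): (.*?)(?=\s+\w+: |$)", re.S)
# The audit line in the post reads "encypted"; accept that and "encrypted".
ENCRYPTED = re.compile(r"^(?P<url>\S+) - File was enc\w*pted", re.I)

def parse_records(text):
    """Split blank-line separated audit records into dicts of their fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        header, _, body = block.partition("\n")
        rec = dict(FIELD.findall(body.strip()))
        rec["type"] = header.split()[-2]            # e.g. t_attack, t_http_req
        rec["time"] = " ".join(header.split()[:5])  # timestamp with time zone
        records.append(rec)
    return records

def encrypted_file_denials(records):
    """Encrypted-file denials, flagged if the same client later got the URL."""
    fetched = {(r.get("srcip"), r.get("url")) for r in records
               if r["type"] == "t_http_req" and r.get("result_code") == "200"}
    hits = []
    for r in records:
        m = ENCRYPTED.match(r.get("information", ""))
        if r.get("category") == "policy_violation" and m:
            hits.append({"time": r["time"], "srcip": r.get("srcip"), "url": m["url"],
                         "later_allowed": (r.get("srcip"), m["url"]) in fetched})
    return hits
```

A denial with `later_allowed` set marks a download that was first blocked as encrypted and then went through unscanned after the setting changed, which is worth reviewing against which hosts and file types you intend to let past the scanner.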

          • 2. Re: Sidewinder firewall blocking all Adobe downloads.......saying virus scanner detected policy violation
            jkeranen

            I did say the file was encrypted.   I will try out what you mention and let you know how it goes.   Thanks!!!