1 Reply Latest reply on May 29, 2015 7:15 AM by mhenttu

    File Blocked ? How can I see why and view contents


      We've recently enabled deep inspections and file filtering on our normal browsing access rules


      In the logs we are seeing connections being terminated witha situation of "File_Blocked" - that's good since it means that it's doing a job


      But we need to know why the file was blocked to decide whether this is false positive or otherwise - all I can find is that it's blocked by the "file filtering policy"

        • 1. Re: File Blocked ? How can I see why and view contents



          By default log browser does not show all log columns. In order to find more information of log entry two options come to mind.


          Double click log entry which opens detailed view. Interesting fields could be "responding scanner", "virus-identifier", GTI file reputation in ths case. For web traffic "HTTP request URI" log field shows also name of the file which might be useful.


          These same fields can be added to normal log browser view too. Just right click any header column in log browser and select column selection. From new window which opens columns can be added or removed.