Capture ATP Unknown files and BUV not blocking files

Description

In most situations the issue (unknown files and BUV not blocking) can be resolved by enabling GAV Clientless Notification and HTTP byte-range requests.

Enabling HTTP byte-range requests allows HTTP clients (such as the Chrome browser or wget) to download files in pieces. If a file download is aborted for some reason, the client can still issue an HTTP download request for the rest of the file. The firewall cannot identify that this download is related to an older file download that was aborted. This behavior can be mitigated to a large extent by ensuring that both GAV Clientless Notification and HTTP byte-range requests are turned ON. The former blocks such a partial download if the first download was aborted because a virus was identified. The latter allows partial downloads when the file is not identified as a virus (for example, Windows updates) and is not blocked by the former. If GAV Clientless Notification is turned off and byte-range requests are turned on, the firewall does not collect the URL or the supposed filename.
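The link between a ranged request and an earlier aborted download can also be checked after the fact in web logs. The following is an added example, not SonicWall code: it scans constructed records in a hypothetical proxy-log layout and flags a client that requests a mid-file byte range for a URL whose earlier download to that client was blocked as a virus. The field layout, the `blocked-virus` action label and the function names are assumptions.

```python
import re
from collections import namedtuple

# Constructed records in a hypothetical layout (not a SonicWall log format):
# time client url range_header status action
SAMPLE_LOG = """\
10:00:01 10.0.0.5 http://files.example/setup.exe - 200 blocked-virus
10:00:09 10.0.0.5 http://files.example/setup.exe bytes=524288- 206 allowed
10:01:00 10.0.0.7 http://updates.example/kb.cab - 200 allowed
10:01:30 10.0.0.7 http://updates.example/kb.cab bytes=1048576-2097151 206 allowed
10:02:00 10.0.0.9 http://files.example/setup.exe bytes=0-1023 206 allowed
"""

RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")
Finding = namedtuple("Finding", "time client url start")

def range_start(header):
    """First byte offset of a single-range Range header, or None if absent or unparseable."""
    m = RANGE_RE.match(header)
    if not m or m.groups() == ("", ""):
        return None
    first, last = m.groups()
    # A suffix range ("bytes=-N") asks for the last N bytes; report it as a negative offset.
    return int(first) if first else -int(last)

def find_resumed_after_block(log_text):
    """Flag 206 responses that resume, mid-file, a download previously blocked for that client."""
    blocked = set()          # (client, url) pairs whose full download was blocked
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, client, url, rng, status, action = line.split()
        key = (client, url)
        if action == "blocked-virus":
            blocked.add(key)
            continue
        start = range_start(rng)
        # Offset 0 is a fresh download the scanner sees from the file header onward.
        if status == "206" and start not in (None, 0) and key in blocked:
            findings.append(Finding(time, client, url, start))
    return findings

if __name__ == "__main__":
    for f in find_resumed_after_block(SAMPLE_LOG):
        print(f"{f.time} {f.client} resumed blocked download {f.url} at byte {f.start}")
```

The ranged request from 10.0.0.7 is not flagged because its original download was never blocked, which matches the Windows-update case described above.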

Resolution

To confirm that both GAV Clientless Notification and HTTP byte-range requests are turned on, perform the following:

  1. Log in to the firewall (default IP 192.168.168.168).
  2. Navigate to Manage | Security Services | Gateway Anti-Virus.
  3. Click Configure Gateway Settings.
  4. Confirm that Enable HTTP Byte-Range requests with Gateway AV and Enable HTTP Clientless Notification Alerts are selected.
  5. Click OK.
