How do I disable a GAV signature?
Description
This article covers how to disable a GAV signature.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.
1. You can disable the signature in question by searching for the signature string on the Policy |Security Services | Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.
2. Using Monitor | Tools and monitor| Packet Monitor gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.
TIP: Select HTML/Libpcap from dropdown menu in front of export as(as shown in image below).
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.
1. You can disable the signature in question by searching for the signature string on the Manage |Security Services | Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.
2. Using Investigate | Packet Monitor gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.
TIP: Select HTML/Libpcap from dropdown menu in front of export as(as shown in image below).
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.
- You can disable the signature in question by searching for the signature string on the Security Services > Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.
- Using System > Packet Capture gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.
TIP: To download TSR follow article:
https://www.sonicwall.com/en-us/support/knowledge-base/170503698742108