Capture ATP Unknown files and BUV not blocking files
03/26/2020
In most situations this issue (unknown files and BUV not blocking) can be resolved by enabling GAV Clientless Notification and HTTP byte-range requests.
Enabling HTTP byte-range requests allows HTTP clients (such as a Chrome browser or wget) to download files in pieces. If a file download is aborted for some reason, the client can still issue an HTTP download request for the rest of the file. The firewall cannot identify that this download is related to the earlier, aborted download. This behavior can be mitigated to a large extent by ensuring that both GAV Clientless Notification and HTTP byte-range requests are turned ON. The former blocks such a partial download if the first download was aborted because a virus was identified. The latter allows partial downloads of files that are not identified as a virus (for example, Windows updates), provided they are not blocked by the former. If GAV Clientless Notification is turned off and byte-range requests are turned on, the firewall does not collect the URL or the supposed filename.
To confirm that both GAV Clientless Notification and HTTP byte-range requests are turned on, perform the following:
- Log in to the firewall (default IP 192.168.168.168).
- Navigate to Manage | Security Services | Gateway Anti-Virus.
- Click Configure Gateway Settings.
- Confirm that Enable HTTP Byte-Range requests with Gateway AV and Enable HTTP Clientless Notification Alerts are selected.
- Click OK.
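
The interaction between the two settings described above can be pictured with a small model. This is an added illustration, not SonicWall code: the class, field names, verdict strings and sample events are all assumptions, and it assumes a range request is refused when byte-range requests are turned off.

```python
from dataclasses import dataclass, field

@dataclass
class GatewayModel:
    clientless_notification: bool   # models "Enable HTTP Clientless Notification Alerts"
    byte_range_requests: bool       # models "Enable HTTP Byte-Range requests with Gateway AV"
    aborted_for_virus: set = field(default_factory=set)  # remembered (client, url) pairs

    def record_virus_abort(self, client, url):
        # Per the article, the URL is only collected when Clientless Notification is on.
        if self.clientless_notification:
            self.aborted_for_virus.add((client, url))

    def decide(self, client, url, range_header=None):
        if range_header is None:
            return "scan-full"            # complete download, scanned from the first byte
        if (client, url) in self.aborted_for_virus:
            return "block"                # resume of a download already aborted for a virus
        if not self.byte_range_requests:
            return "block"                # assumption: partial downloads refused when off
        return "allow-partial"            # e.g. an update client fetching a file in pieces

def replay(model, events):
    """Feed (client, url, range_header, virus_found) events through the model."""
    verdicts = []
    for client, url, range_header, virus_found in events:
        verdict = model.decide(client, url, range_header)
        if verdict == "scan-full" and virus_found:
            model.record_virus_abort(client, url)
            verdict = "abort-virus"
        verdicts.append(verdict)
    return verdicts

# Constructed sample traffic: a flagged download, a resume of that same file,
# and an unrelated partial download from another client.
EVENTS = [
    ("10.0.0.5", "http://files.example/setup.exe", None, True),
    ("10.0.0.5", "http://files.example/setup.exe", "bytes=65536-", False),
    ("10.0.0.7", "http://updates.example/patch.cab", "bytes=1048576-", False),
]

if __name__ == "__main__":
    for notify, ranges in [(True, True), (False, True), (True, False)]:
        model = GatewayModel(clientless_notification=notify, byte_range_requests=ranges)
        print(f"notification={notify} byte_range={ranges}: {replay(model, EVENTS)}")
```

With both settings on, the resumed download of the flagged file is blocked while the unrelated partial download still goes through; with Clientless Notification off, the model has no record of the aborted URL and the resume is treated like any other partial download.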