How to Restrict Transfer of packed executable files like UPX, FSG, PKLite32, Petite, and
03/26/2020 11 13054
Restrict Transfer of packed executable files (UPX, FSG, etc.) - option in the Security Services |Gateway Antivirus disables the transfer of packed executable files.
Packers are utilities which compress and sometimes encrypt executables. Although there are legitimate applications for these, they are also sometimes used with the intent of obfuscation, so as to make the executables less detectable by anti-virus applications. The packer adds a header that expands the file in memory, and then executes that file. SonicWall Gateway Anti-Virus currently recognizes the most common packed formats: UPX, FSG, PKLite32, Petite, and ASPack. additional formats are dynamically added along with SonicWall GAV signature updates.
Step 1: Login to the SonicWall Management Interface. Step 2: Navigate to Security Services | Gateway Antivirus. Step 3: Ensure the Enable Gateway Antivirus option is checked. Step 4: For each protocol you can restrict the transfer of files with specific attributes by clicking on the Settings button under the protocol Step 5: In the pop up window, enable the Restrict Transfer of packed executable files (UPX, FSG, etc.) option.
By default, SonicWall GAV inspects all inbound HTTP, FTP, IMAP, SMTP and POP3 traffic. Generic TCP Stream can optionally be enabled to inspect all other TCP based traffic, such as non-standard ports of operation for SMTP and POP3, and IM and P2P protocols.
Step 6: Click OK and Accept buttonto save the settings.