Gateway anti-virus blocking EXE or ZIP files download

06/30/2023 287 People found this article helpful 502,465 Views

Description

SonicWall Gateway Anti-virus blocking normal downloads like Adobe Flash Player and password protected zip files.

Cause

The options "Restrict Transfer of packed executable files (UPX, FSG, etc.)" and "Password-Protected ZIP files" are enabled in Security Services | Gateway Antivirus | HTTP | Settings.

Packers like UPX, FSG, ASPack, etc are actively used in legitimate applications as well as by malware authors. If the customer chooses to enable the "Restrict Transfer of packed executable files (UPX, FSG, etc.)" options/signatures, the SonicWall will block the transfer of any executable file using that packer (E.g. Adobe flash player installer is packed using UPX 3.x and is correctly getting blocked by the enabled GAV signature).

Same applies to password-protected zip files, there is no way for any AV engine to decrypt and scan password protected zip file contents without knowing the password and hence there is a provision in SonicWall's GAV engine to identify and block the transfer of such files.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

To fix this issue, you will have to disable the option "Restrict Transfer of packed executable files (UPFX, FSG, etc)" under the HTTP settings of Gateway Anti-Virus.

Step 1 : Use the Exclusion Settings

For the same click Policy | Security Services | Gateway Anti-Virus, click on HTTP Settings.

Step 2 : Submit a request to our GAV team to review the signature if you believe it is a false positive How can I report false positives or Virus/Trojan/malware samples to the Gateway AntiVirus team?

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

To fix this issue, you will have to disable the option "Restrict Transfer of packed executable files (UPX, FSG, etc.)" under the HTTP settings of Gateway Anti-Virus.

If you disable the option above and your download is still blocked because of a GAV signature, there are 2 options.

Use the Exclusion Settings
For the same click MANAGE and then Navigate to Security Services | Gateway Anti-Virus, click on HTTP protocol Settings .
Submit a request to our GAV team to review the signature if you believe it is a false positive How to report false positives or Virus/Trojan/Malware samples to the Gateway AntiVirus team.