Gateway anti-virus blocking EXE or ZIP files download

Description

SonicWall Gateway Anti-Virus blocks normal downloads such as Adobe Flash Player and password-protected ZIP files.

Cause

The options "Restrict Transfer of packed executable files (UPX, FSG, etc.)" and "Password-Protected ZIP files" are enabled in Security Services | Gateway Antivirus | HTTP | Settings.


Packers like UPX, FSG, ASPack, etc. are actively used in legitimate applications as well as by malware authors. If the customer chooses to enable the "Restrict Transfer of packed executable files (UPX, FSG, etc.)" option/signatures, the SonicWall will block the transfer of any executable file that uses such a packer (e.g., the Adobe Flash Player installer is packed using UPX 3.x and is correctly blocked by the enabled GAV signature).

The same applies to password-protected ZIP files: no AV engine can decrypt and scan the contents of a password-protected ZIP file without knowing the password, so SonicWall's GAV engine includes a provision to identify and block the transfer of such files.
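
To check in advance whether a download has either of the two properties described above, the following added example (not SonicWall code, and it makes no claim about how the GAV signatures are implemented) reads the ZIP "encrypted" flag bit and the PE section table. The function names and sample bytes are constructed for illustration, and matching section names that start with "UPX" is an assumed heuristic that only recognizes unmodified UPX output.

```python
import io
import struct
import zipfile

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry sets bit 0 (encrypted) of the ZIP general-purpose flag."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def pe_section_names(data: bytes) -> list:
    """Section names from a PE section table; [] if the data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return []
    count = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt = struct.unpack_from("<H", data, pe + 20)[0]       # SizeOfOptionalHeader
    table = pe + 24 + opt                                  # 40-byte rows, name first
    rows = (data[o:o + 8] for o in range(table, table + 40 * count, 40))
    return [r.rstrip(b"\0").decode("ascii", "replace") for r in rows if len(r) == 8]

def triage(data: bytes) -> str:
    """Classify a file by the two properties the GAV options on this page act on."""
    if data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data)):
        return "password-protected-zip" if zip_is_encrypted(data) else "plain-zip"
    # Assumed heuristic: stock UPX names its sections UPX0, UPX1, ...
    if any(n.startswith("UPX") for n in pe_section_names(data)):
        return "upx-packed-exe"
    return "other"

def sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: one stored entry; optionally set the encrypted flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("note.txt"), b"constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 1                                        # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= 1              # central directory flags
    return bytes(raw)

def sample_pe(names) -> bytes:
    """Constructed sample: headers only (MZ stub, PE signature, COFF, section table)."""
    mz = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    return mz + b"PE\0\0" + coff + b"".join(n.ljust(40, b"\0") for n in names)
```

An executable packed with a different packer, or with renamed sections, returns "other" here even though a gateway signature may still match it.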

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.


To fix this issue, you will have to disable the option "Restrict Transfer of packed executable files (UPX, FSG, etc.)" under the HTTP settings of Gateway Anti-Virus.

Step 1: Use the Exclusion Settings

To do this, navigate to Policy | Security Services | Gateway Anti-Virus and click HTTP Settings.

Step 2: Submit a request to our GAV team to review the signature if you believe it is a false positive. See "How can I report false positives or Virus/Trojan/malware samples to the Gateway AntiVirus team?"


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


To fix this issue, you will have to disable the option "Restrict Transfer of packed executable files (UPX, FSG, etc.)" under the HTTP settings of Gateway Anti-Virus.

If you disable the option above and your download is still blocked because of a GAV signature, there are 2 options.

  1. Use the Exclusion Settings
    To do this, click MANAGE, navigate to Security Services | Gateway Anti-Virus, and click HTTP protocol Settings.
  2. Submit a request to our GAV team to review the signature if you believe it is a false positive. See "How to report false positives or Virus/Trojan/Malware samples to the Gateway AntiVirus team."
