How do I disable a GAV signature?

06/01/2023 254 People found this article helpful 477,112 Views

Description

This article covers how to disable a GAV signature.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.

1. You can disable the signature in question by searching for the signature string on the Policy |Security Services | Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.

2. Using Monitor | Tools and monitor| Packet Monitor gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.

TIP: Select HTML/Libpcap from dropdown menu in front of export as(as shown in image below).

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.

1. You can disable the signature in question by searching for the signature string on the Manage |Security Services | Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.

2. Using Investigate | Packet Monitor gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.

TIP: Select HTML/Libpcap from dropdown menu in front of export as(as shown in image below).

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.

You can disable the signature in question by searching for the signature string on the Security Services > Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.
Using System > Packet Capture gather both a Libpcap and HTML version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWall technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.

TIP: To download TSR follow article:

https://www.sonicwall.com/en-us/support/knowledge-base/170503698742108

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

How do I disable a GAV signature?

Description

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Resolution for SonicOS 6.2 and Below

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch