
SonicWall CATP is not working as expected

Dear Team,

We are doing a demo for one of our customers on SonicWall services, especially CATP.

CATP is detecting the file as malicious but not blocking it. The user can still download it.

Malware test file download site : https://dasmalwerk.eu/

Block download until verdict comes is enabled.

We have enabled DPI as well. It seems we will lose the customer's trust if we don't prove that CATP is blocking malicious files.
Category: Firewall Security Services

Answers

  • Hello @Connex_Ananth,

    I tested this in my lab environment. I clicked on the very first sample and it was blocked by CATP as expected. I was taken to the following page on the website itself. The user was not able to download the sample file at all.

    I received the following status on the SonicWall UI.


    Also, immediately received the email letting me know about this malicious file.

    I would suggest checking if DPI SSL is fed to the GAV engine under Decryption Services -> DPI SSL/TLS Client -> General tab. Also, if there are any exclusions in place for DPI SSL or GAV or CATP.

    We have also introduced exclusions for BUV, so please make sure there are no exceptions configured there.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Dear @shiprasahu93 ,

    I have checked the same, but when downloading the file, the download fails the first time; if you resume the download, it completes.

    In my test environment, CATP identifies the file as malicious, but we can download the file if we resume the download.

    Have you tried in Google Chrome and Firefox? I haven't tried in Internet Explorer.

    Can you try and let me know?


    Thanks,

    Ananth

  • @Connex_Ananth,

    I tested on both Google Chrome and Mozilla Firefox and they seem to get blocked correctly.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Dear @shiprasahu93

    Thanks for the update. I have checked in Gen 7 beta box. Let me check on Gen 6 box then.

    Thanks,
    Ananth
  • @Connex_Ananth,

    I was checking on a Gen 6 device. I will try out on a Gen 7 box too.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • shiprasahu93 Moderator
    edited August 28

    @Connex_Ananth,

    I tested this with a TZ 570P as well and it seems to work on all browsers there too. Which device are you testing with, and which firmware is it on?

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • @shiprasahu93

    I have tested in my beta box TZ670.

    It worked for me as well, but I was able to download the file after resuming the failed download.

    Did the download fail for you too?
  • Ajishlal Cybersecurity Overlord

    Hi @Connex_Ananth ,

    To resolve the issue, turn on "Enable HTTP Byte-Range requests with Gateway AV" and "Enable HTTP Clientless Notification Alerts".

    https://www.sonicwall.com/support/knowledge-base/capture-atp-unknown-files-and-buv-not-blocking-files/180615112909587/
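
As an added illustration (not SonicWall's code or code from this thread), the following Python model of a block-until-verdict policy shows why a resumed download, which the browser sends as an HTTP Range request, is passed through unless byte-range requests are also inspected by the AV engine. The `VERDICTS` cache, the `decide` function and the `inspect_byte_range` flag are constructed names standing in for the firewall setting the answer above names.

```python
"""Constructed model of a block-until-verdict gateway policy.

Not an implementation of any SonicWall feature; `inspect_byte_range` is a
hypothetical stand-in for "Enable HTTP Byte-Range requests with Gateway AV".
"""
import re

# Constructed verdict cache keyed by full URL (labelled test data, not real IoCs).
VERDICTS = {"http://example.test/sample.exe": "malicious"}

RANGE_RE = re.compile(r"^bytes=(\d*)-(\d*)$")


def parse_request(raw: str) -> dict:
    """Parse a minimal HTTP/1.1 request into method, target and lower-cased headers."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers}


def decide(request: dict, verdicts: dict, inspect_byte_range: bool,
           block_until_verdict: bool = True) -> str:
    """Return the gateway action: block, allow, hold, or pass-through.

    A Range header marks a resumed download. When byte-range requests are not
    fed to the AV engine, the partial-content response bypasses the verdict
    cache entirely, which is the gap the thread describes.
    """
    headers = request["headers"]
    url = f"http://{headers.get('host', '')}{request['target']}"
    rng = headers.get("range")
    if rng and RANGE_RE.match(rng) and not inspect_byte_range:
        return "pass-through"  # partial content never reaches the engine
    verdict = verdicts.get(url, "unknown")
    if verdict == "malicious":
        return "block"
    if verdict == "clean":
        return "allow"
    # Unknown file: hold the download while the sandbox works, if BUV is on.
    return "hold" if block_until_verdict else "allow"
```

With `inspect_byte_range=False` the first request is blocked but the resumed request passes, matching the behaviour reported above; with it enabled the resume is blocked as well.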
