How to temporarily disable anti virus?
We've got a proprietary log file that keeps getting stopped for being a virus by the ES5000 running 10.0.6. I had turned off the Capture ATP in the hope it would pass through, but no. Also, I've created a filter to skip Spam and Phishing analysis for that sender, but there is no way to disable the AV.
Also, maddeningly, the description of the threat doesn't help: X-Mlf-Threat-Detailed: virus;hasattach; V_gggruggvucftvghtrhhoucdtuddrgeduhedruddufedgjeelucetufdoteggodetrfcurfhrohhfihhlvgemucfuqffpkfevhgetnffnnecuuegrihhlohhuthemuceftddtnecuggfktfgfufcukfhntggvphhtihhonhdvnecujfgurhephffvufffkfgtggesmhdtjhertddtvdenucfhrhhomhepvegrrhihucfotgghhhhorhhtvghruceotghmtgifhhhorhhtvghrsehsthgvrhhilhhithgvrdgtohhmqeenucggtffrrghtthgvrhhnpefgueffveehffdtteeuteevgeefueefhffgieeitdffgfduhfffudetueehvdelgfenucfkphepuddvjedrtddrtddruddpvdduiedrudelgedrvdegrdelfeenucfrrghrrghmpehhvghlohepfhgrkhgvrdhhvghlohdrtghomhdpihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomheprgguughrvghsshesughomhgrihhnrdgtohhmpdhrtghpthhtoheprgguughrvghsshesughomhgrihhnrdgtohhmpdhrtghpthhtoheprgguughrvghsshdvseguohhmrghinhdrtghomh
Is there a way to temporarily whitelist a sender or file type to not be inspected by the SonicWall AV? The email has already passed through two other AV systems before hitting the ES5000 and was determined to be clean.
Best Answer
David W SonicWall Employee
The specific item you are referencing is being caught by Vade.
You can disable the Vade AV plugin on the diag page under server settings.
The best way to resolve this is to open a support case and have a sample that is caught, and the original attachment as well, and support can submit it to the effectiveness team to resolve.
David Wilbur
Technical Support Senior Advisor, Premier Services, SME Email Security
5
Answers
Hi @Craig_S,
Please follow the below link for the admin guide and navigate to "Exception Management".
Please try and let us know if that helps.
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
I see that the exception management referenced here is for the Capture ATP, but currently Capture ATP is turned off. The file is still being flagged for a virus by the ES5000.
@Craig_S,
I would suggest contacting SonicWall support so that we can help you troubleshoot this issue in real-time.
Thanks!!
Nevyaditha P
Technical Support Advisor, Premier Services
Hi @Craig_S
Two from the bottom of the Actions in the Filter "Skip Capture ATP"
---Stephan
Sadly there is no effective means to simply send False Positives / False Negatives for review.
This really needs to be fixed as the current routine is ridiculously time consuming and inefficient for all involved.
Having to disable the AV doesn't sound like a great option to me.
Can we ever expect to see a better result from Vade rather than a long line of "garbage"?