
Capture ATP Log not current

BWC, Cybersecurity Overlord ✭✭✭

Hi,

In the last day I saw an increase in incoming e-mails containing viruses or other malware. Gladly my ESA (10.0.6) got me covered.

Some E-Mails got blocked because of this Category: "V:gggruggvucftvghtrhhoucdtuddrgeduhedrgeeigdduudduucetufdoteggodetrfcurfhrohhfihhlvgemucfuqffpkfevhgetnffnnecuuegrihhlohhuthemuceftddtnecuggfktfgfufcuqfefkedvqdduhedqteevgffvtegkjeiinecujfgurheptggguffvhfffkfesmhdtrehhtddtudenucfhrhhomhepoffgtfevqffkffcuifftqfgfrfcuoehinhhfohesghgvnhgvfigrhidqtghomhdrtghfqeenucffohhmrghinhepvhgrlhhvvgdrtghomhdpmhgvrhgtohhiugdrtghomhdrmhihnecukfhppeduvdejrddtrddtrddupdeigedrudeltddrledtrddujeeknecurfgrrhgrmhephhgvlhhopehfrghkvgdrhhgvlhhordgtohhmpdhinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpegruggurhgvshhsseguohhmrghinhdrtghomhdprhgtphhtthhopegruggurhgvshhsseguohhmrghinhdrtghomhdprhgtphhtthhopegruggurhgvshhsvdesughomhgrihhnrdgtohhm"

Whatever that means, a more readable signature/threat name would be helpful. Sometimes SonicWall's own GRID_AV is mentioned in the category, sometimes not; maybe it's Vade or something else.

But some other mails are blocked because of Capture ATP. Why do these detections not show up in the Capture ATP logs? The log itself seems to be working in general, because there are some current entries listed, but not for the recent detections.

--Michael@BWC

Category: Email Security Appliances

Answers

  • J_M0eckel, SonicWall Employee

    Hi, Michael.

    Can you tell me how long you are waiting for the Capture ATP log to update? It can sometimes take up to 10 minutes for the log to catch up.

    Additionally, is this an all-in-one or a split configuration? If split config, you could be experiencing replication slowness.

    Thanks,

    Jenn

  • BWC, Cybersecurity Overlord ✭✭✭

    Hi @J_M0eckel

    The last Capture events were from April 22nd and they did not show up till then; it's an all-in-one deployment, and usually a couple of minutes were enough in the past.

    --Michael@BWC

  • J_M0eckel, SonicWall Employee

    @BWC

    If your Capture ATP log has not updated since April 22, it sounds like there is a larger issue going on. I recommend opening a support case so we can dig further into what you're experiencing.

    Thanks.

  • BWC, Cybersecurity Overlord ✭✭✭

    No, you got me wrong: the Capture ATP log is current, but there was no threat marked as detected in the Capture ATP log, when the message log clearly says that on April 22nd there was one caught by the Capture ATP service (Threat Virus).

    --Michael@BWC

  • J_M0eckel, SonicWall Employee

    @BWC

    Oh, I see. In that case, we would still need to investigate further to determine why the Message Logs indicate the message was flagged by Capture, but it is not appearing in the Capture ATP Logs.

    Thanks.
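The discrepancy the thread ends on (the message log attributes a block to Capture ATP, but the Capture ATP log has no matching entry) is something an administrator can check systematically by reconciling the two logs. The script below is an added example, not code from the thread or from SonicWall; both log layouts are constructed CSV exports invented for the illustration and are not the appliance's real export format. It lists every message-log block attributed to Capture ATP that has no Capture ATP log entry for the same message ID within a ten-minute window (the lag mentioned earlier in the thread).

```python
"""Reconcile a message log against a Capture ATP log.

Added example for this thread: find mails the message log says were
blocked by Capture ATP but that never appear in the Capture ATP log.
Both CSV layouts below are CONSTRUCTED for illustration and are not
SonicWall's real export formats.
"""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample message log: one row per processed mail.
MESSAGE_LOG = """\
timestamp,message_id,sender,recipient,action,category
2021-04-22T08:01:10,<a1@example.net>,alice@example.net,bob@example.com,delivered,clean
2021-04-22T08:05:42,<b2@example.net>,mallory@example.net,bob@example.com,blocked,Capture ATP (Threat Virus)
2021-04-22T09:14:03,<c3@example.net>,eve@example.net,carol@example.com,blocked,GRID_AV
2021-04-22T10:30:55,<d4@example.net>,trent@example.net,carol@example.com,blocked,Capture ATP (Threat Virus)
"""

# Constructed sample Capture ATP log: one row per analysed attachment.
CAPTURE_LOG = """\
timestamp,message_id,filename,verdict
2021-04-22T08:04:59,<b2@example.net>,invoice.xlsm,malicious
2021-04-22T11:00:00,<zz@example.net>,report.pdf,benign
"""


def parse_csv(text):
    """Parse a CSV export (header row + records) into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def capture_blocks(message_rows):
    """Message-log rows where the block is attributed to Capture ATP."""
    return [
        r for r in message_rows
        if r["action"] == "blocked" and r["category"].startswith("Capture ATP")
    ]


def find_missing(message_rows, capture_rows, window=timedelta(minutes=10)):
    """Return message IDs blocked by Capture ATP with no Capture ATP log entry.

    A match needs the same message_id and a Capture ATP timestamp within
    `window` of the message-log timestamp; the default of ten minutes is
    the lag the thread says the Capture ATP log can show.
    """
    # Index Capture ATP timestamps by message ID.
    by_id = {}
    for r in capture_rows:
        by_id.setdefault(r["message_id"], []).append(
            datetime.fromisoformat(r["timestamp"])
        )

    missing = []
    for r in capture_blocks(message_rows):
        ts = datetime.fromisoformat(r["timestamp"])
        hits = [t for t in by_id.get(r["message_id"], []) if abs(t - ts) <= window]
        if not hits:
            missing.append(r["message_id"])
    return missing


def reconcile():
    """Run the reconciliation over the constructed sample logs."""
    return find_missing(parse_csv(MESSAGE_LOG), parse_csv(CAPTURE_LOG))


if __name__ == "__main__":
    for mid in reconcile():
        print("blocked by Capture ATP per message log, absent from Capture ATP log:", mid)
```

In the sample, the 08:05 block has a Capture ATP entry 43 seconds earlier and is matched, while the 10:30 block has none and is reported; a list of such IDs is what a support case like the one suggested above would want attached.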
