12-02-2014 10:49 AM - edited 03-12-2019 05:36 AM
I am currently looking for a way to exclude IPs from the Malware File lookup on a perimeter 3D sensor but am not having much luck.
For example, there are Windows patches and other trusted file deployment events that go through the sensor to multiple systems and it is causing a large number of file lookup events (from the malware protection license functionality). I have tried adding a rule in the Access Control policy that is src the patch server and dst any allow with either a blank file lookup policy defined in the rule, or it set to "none". However the systems are still generating large numbers of file lookup events.
Anyone had any luck with this?
12-12-2014 01:45 PM
Access Control Policy is the way to do it. What you described should work; there is likely some issue with the rules - either the rule criteria or the rule order - that is causing this.
01-08-2015 01:46 PM
Thanks atatistc, I was silly and put the location being downloaded from as src in the AC rule, but connection events showed it's a pull function initiated from the clients. After correcting that, it seems to be working as expected.