Cisco SWA Notification: MALWARE_SPECIFIC

Hello community,

Recently we have been experiencing random blocking of some websites on Cisco WSA with the reason:

Reason: BLOCK-MALWARE
Notification: MALWARE_SPECIFIC

The website is only blocked on about 1 of 10 access attempts, and after a refresh it loads correctly.

Seems like a false positive to me.

We are running 

S100V

Version: 14.5.1-016

I have already opened a TAC for it but no progress yet.

Anybody else experiencing the same?

amojarra
Cisco Employee

Hello kamensky@kronovision.sk 

I hope you are doing fine 

It would be best to:

[1] Collect the HAR file to see if any specific file is getting blocked.

[2] Set the scanners' logs to DEBUG; for example, if you are using Sophos and Webroot, please change their log level to DEBUG.

[3] Add these to your accesslogs:

[ Request Details: ID = %I] [Client Port = %F, Server IP = %k, Server Port = %p][ AVC response = %:A> ,  AVC total = %:A< ,  DCA response = %:C> ,  DCA total = %:C< ,  McAfee response = %:m> ,  McAfee total = %:m< ,  Sophos response = %:p>, Sophos total = %:p<, Webroot response = %:w>, Webroot total = %:w<, Anti-Spyware response = %:<s, Anti-Spyware total = %:>s, AMP response = %:e>, AMP total = %:e<] [ x-amp-verdict = %X#1# , x-amp-malware-name = %X#2# , x-amp-score = %X#3# , x-amp-upload = %X#4# , x-amp-filename = %X#5# , x-amp-sha = %X#6# , x-p2p-amp-svc-time = %:e< , x-p2p-amp-wait-time = %:e> ] [x-resp-dvs-verdictname = %XZ , x-app-type = %Xu , x-icap-verdict = %Xp , x-ids-verdict = %Xl ] [x-sophos-scanerror = %Xx , x-sophos-file-name = %Xy , x-sophos-scanverdict = %XY , x-sophos-virus-name = %Xz , x-webroot-spyid = %Xs , x-webcat-req-code-full = %XR , x-webroot-scanverdict = %Xv , x-avc-reqbody-scanverdict = %XN , x-webroot-threat-name = %Xn , x-avc-resphead-scanverdict = %XM , x-mcafee-virus-name = %Xj , x-mcafee-av-virustype = %Xh , x-mcafee-av-detecttype = %Xg , x-mcafee-scanverdict = %Xj, x-avc-reqbody-scanverdict = %XH] [x-wbrs-score = %XW ]

Then please share the date and time of the test + HAR log with the TAC; they will collect the accesslogs via remote access and investigate further.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++
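As an added example (not part of the reply above or Cisco's own tooling), a small Python parser for the bracketed custom fields that the format string above appends to each access log line, used to pull out which scanner engine produced a BLOCK-MALWARE verdict. The field names come from the format string; the sample log line, its values, the Webroot hit and the convention that an empty field is printed as "-" are constructed assumptions.

```python
import re

# Constructed sample line in the layout produced by the custom fields above.
# Values are placeholders; "-" is assumed to mean "no value" for that field.
SAMPLE_LINE = (
    '[ Request Details: ID = 12345] [Client Port = 51234, Server IP = 203.0.113.10, Server Port = 443]'
    '[ AVC response = 0 ,  AVC total = 1 , Sophos response = 0, Sophos total = 2,'
    ' Webroot response = 0, Webroot total = 1, AMP response = 0, AMP total = 0]'
    '[x-resp-dvs-verdictname =BLOCK-MALWARE , x-app-type = - , x-icap-verdict = - , x-ids-verdict = - ]'
    '[x-sophos-scanerror = - , x-sophos-file-name = - , x-sophos-scanverdict = - , x-sophos-virus-name = - ,'
    ' x-webroot-spyid = - , x-webroot-scanverdict = 1 , x-webroot-threat-name = Example.Threat.Placeholder ]'
    '[x-wbrs-score = 4.2 ]'
)

# Each custom group is a "[ ... ]" block of comma-separated "key = value" pairs.
GROUP_RE = re.compile(r'\[([^\[\]]*)\]')

# Per-engine verdict fields from the format string; a non-empty value here
# tells you which scanner decided the request was malicious.
VERDICT_FIELDS = (
    'x-sophos-scanverdict', 'x-sophos-virus-name',
    'x-webroot-scanverdict', 'x-webroot-threat-name',
    'x-mcafee-scanverdict', 'x-mcafee-virus-name',
    'x-amp-verdict', 'x-amp-malware-name',
    'x-icap-verdict', 'x-ids-verdict',
)


def parse_fields(line):
    """Return {key: value} for every pair inside every bracketed group.

    Keys and values are whitespace-stripped; pairs without '=' are ignored.
    Values containing a comma are not supported by this simple splitter.
    """
    fields = {}
    for group in GROUP_RE.findall(line):
        for pair in group.split(','):
            if '=' not in pair:
                continue
            key, value = pair.split('=', 1)
            fields[key.strip()] = value.strip()
    return fields


def flagged_scanners(fields):
    """Return only the verdict fields that carry a real value (not '-')."""
    return {k: v for k, v in fields.items() if k in VERDICT_FIELDS and v != '-'}


def triage(line):
    """Return (overall verdict name, scanner fields that fired) for one line."""
    fields = parse_fields(line)
    return fields.get('x-resp-dvs-verdictname', '-'), flagged_scanners(fields)
```

Run over the lines around the timestamp of a blocked request, a consistent engine name in the flagged fields narrows the false-positive report for TAC to that scanner.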
