Grayware

mhe · ‎01-17-2005

Hi! Does anyone know how the grayware protection in 2.8 works? I tried to download a BHO to a VirtualPC and nothing was blocked/logged. I never saw something like " grayware" in the logs... Regards from switzerland, martin

UkWizard · ‎01-17-2005

What do you mean, by a ' virtualpc' . The unit checks smtp,ftp and http traffic for files that have signatures matching known grayware files. (same as the av). So unless it was covered over those services, it wont be detected.

UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.

mhe · ‎01-17-2005

VirtualPC is just a tool from Microsoft (like VMWare). I don' t want to install such a BHO on my PC... I downloaded this BHO by http, but there' s nothing in the logs so I think that our FG hasn' t detected it..

Do I have to enable it somewhere? What actions are taken when grayware is detected? Has anyone ever detected grayware???? martin

Report Inappropriate Content · ‎01-20-2005

Yes, I have. Grayware is logged (in purple) in the Anti-Virus logs. To enable Grayware go to: Anti-Virus->Config and then the Grayware-tab. Enable all categories you want to check for.

Report Inappropriate Content · ‎01-21-2005

We have just started a evaluating a demo unit, a 400A, and have enabled the Greyware option. It' s fairly efficient and while it doesn' t catch everything, its definatly adding to my log file size. Looks as if I have well over 900 entries from just the two sites I filtered my log on....todays log.

Wayne11 · ‎02-03-2005

Hi Martin I have exactly the same probs.

All graywares are activated but nothing will be blocked. I also never saw some grayware detections in the logs. Regards Marco p.s. also from Switzerland

Report Inappropriate Content · ‎02-03-2005

It' s been working great for me since 2.80 MR4. Take a peek at the screenshot below for an example from my logs of what you might see. The 4th entry from the top is an Adware entry. Hmmm... And I see I' m going to have to investigate what Mr. 192.168.1.97 is doing...

Wayne11 · ‎02-03-2005

Great for you

but my log looks like this

mhe · ‎02-03-2005

Hmm... Is this logged Adware using port 80? I have limited int -> ext to http and https. Does your FG also blocks the download (ext -> int) of Spyware (such as Hotbar)? regards martin

Report Inappropriate Content · ‎02-03-2005

Is this logged Adware using port 80? I have limited int -> ext to http and https.

Yes, the entry I have in my logs is HTTP. The A/V scanner only works on files though: not requests. So for example, if someone already has hotbar installed on their system, if will not prevent hotbar from comminicating with it' s home servers. It might, however, prevent hotbar from being updated or from downloading any new additions since that would come in file form most likely. In order to prevent hotbar communications, you need to make an entry in the Web Filter / URL Block section on your FGT for hotbar.com. Then add that filtering to the protection profile you' re using for your Ext -> Int policy.

Does your FG also blocks the download (ext -> int) of Spyware (such as Hotbar)?

Yes, the FG will block some spyware. Hotbar does not appear to be on their list for some reason. I' m not sure why....

Grayware

Nominate a Forum Post for Knowledge Article Creation