Stop Content Disarm alerts

Shlomi_Cohen · ‎10-30-2019

I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.

how I can stop getting those alerts and keep getting AV alerts?

Thanks,

Message meets Alert condition

File Block Detected: "20190910230052.pdf" Protocol: "HTTPS" …. type="utm" subtype="virus" eventtype="content-disarm" level="warning" vd="root" eventtime=1572421983 msg="File was disarmed by Content Disarm engine." action="content-disarmed" service="HTTPS" sessionid=216815780 srcip=XXXXXXX dstip=XXXXXX srcport=54567 dstport=443 srcintf="XXX" srcintfrole="XXX" dstintf="XXX" dstintfrole="XXX" policyid=XXX proto=6 direction="incoming" filename="20190910230052.pdf" checksum="4a3621f7" url="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" profile="AV-Default" analyticscksum="XXXXXXXXXXXXc" contentdisarmed="disarmed" crscore=10 crlevel="medium"

jim3cantos · ‎01-15-2020

Shlomi Cohen wrote:
I'm getting alerts about "File was disarmed by Content Disarm engine" set up in AV profile.
how I can stop getting those alerts and keep getting AV alerts?

Is not possible (Support dixit).

José Ignacio Martín Jiménez

Stop Content Disarm alerts

Nominate a Forum Post for Knowledge Article Creation