Web Gateway Test

  • 5 February 2024
  • 4 replies
  • 54 views

Hello,

We are running a web gateway test and, having looked at the results, a lot of the tests should have been blocked by Defender; however, they are being allowed. I have checked our EDR and Attack Surface policy and everything is switched on.

Does anyone have any ideas why the Web Gateway is showing so many high fails?


4 replies


Hello @CDT 

In what kind of category do you see these false negative results?

Do you see “allowed” results when actually they are blocked in your WG?

Hi Shiraz,

I am seeing them in the Files and Files Policy categories.


@CDT and do you see “allowed” results when actually they are blocked in your WG?

Hi,

File types are unlikely to be blocked by endpoint protection such as Defender. It would need to use host-based decryption of the data stream from the site where the file is being downloaded from, so it can be inspected before it reaches the Cymulate machine. Ideally, you would force all such requests through a web proxy that uses deep packet inspection; the proxy would install its own certificate on the website so it can decrypt the traffic and look for file types or malicious code.

Hope that helps.

Richard
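A quick way to confirm that downloads from a test machine are actually going through an inspecting proxy, as the reply above describes, is to look at who issued the certificate the machine sees for the download host: if TLS inspection is in place, the issuer is the organisation's proxy CA rather than a public CA, and the gateway test's "allowed" results for file categories point at the proxy's policy rather than at Defender. The following script is an added example, not code from the original thread or from Cymulate; the host names, the proxy CA common name and the sample certificate dicts are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the shape returned by SSLSocket.getpeercert():
# "issuer" is a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
SAMPLE_DIRECT = {
    "subject": ((("commonName", "files.example.test"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Public CA Inc"),),
        (("commonName", "Public CA Inc R3"),),
    ),
}
SAMPLE_INSPECTED = {
    "subject": ((("commonName", "files.example.test"),),),
    "issuer": (
        (("organizationName", "Example Corp"),),
        (("commonName", "Example Corp Web Proxy CA"),),  # hypothetical proxy CA
    ),
}


def issuer_common_name(peercert):
    """Return the issuer CN from a getpeercert() dict, or None if absent."""
    for rdn in peercert.get("issuer", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def interception_verdict(peercert, proxy_ca_cn):
    """Classify a connection: 'inspected' if the proxy CA issued the leaf
    certificate the client sees, 'direct' if a public CA did, 'unknown'
    if there is no issuer CN to go on."""
    cn = issuer_common_name(peercert)
    if cn is None:
        return "unknown"
    return "inspected" if cn == proxy_ca_cn else "direct"


def check_host(host, proxy_ca_cn, port=443, timeout=5.0):
    """Open a TLS connection from this machine and report whether the
    certificate chain it sees comes from the inspecting proxy.
    The system trust store is used, so a proxy CA that is not installed
    on the endpoint raises SSLCertVerificationError, which is itself a
    sign the inspection path is not set up for this host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return interception_verdict(tls.getpeercert(), proxy_ca_cn)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    for label, cert in (("direct", SAMPLE_DIRECT), ("inspected", SAMPLE_INSPECTED)):
        print(label, "->", interception_verdict(cert, "Example Corp Web Proxy CA"))
    # Live check against a download host of your choice (hypothetical values).
    try:
        print(check_host("files.example.test", "Example Corp Web Proxy CA"))
    except (OSError, ssl.SSLError) as exc:
        print("live check failed:", exc)
```

Run it on the test machine itself rather than from an admin workstation, because the point is what that endpoint's traffic looks like; a "direct" verdict for a file download host means the proxy never sees the file, and the gateway test's file-category results then reflect the endpoint's own capabilities, which, as the reply notes, are not designed to filter by file type inside an encrypted stream.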
