Security Services - Blocked IPs & False-Positives for Anti-Malware & IP Reputation Filter

This article explains how to check blocked IPs and how to check false positives for Anti-Malware and the IP Reputation Filter (URL Threat Filter & DNS Threat Filter).

Check Threats via Threat Intelligence

You can check viruses via our Threat Intelligence website:

https://threatintelligence.zyxel.com/malware

1) Anti-Malware

For Anti-Malware, please navigate to 

Monitor -> Security Statistics -> Anti-Malware

Make sure that "collect statistics" is enabled; otherwise, the firewall won't record any detected viruses.

Anti-Malware statistics page

1.1 For False-Positives

If you are not sure if this is a false-positive or not, please contact Zyxel Support.

However, if you know that the file is secure and you want to allow it, you can do so by navigating to

Configuration -> Security Service -> Anti-Malware -> Block/Allow List

Then you can add the signature of that false-positive.

Anti-Malware allow list rule

2) IP Reputation Filter

This section will talk about blocked IPs and how you should handle them.

For Reputation Filter, please navigate to 

Monitor -> Security Statistics -> Reputation Filter

Make sure that "collect statistics" is enabled; otherwise, the firewall won't record any detected URLs.

URL Threat Filter statistics page

2.1 Verify the IPs detected

Our devices use the Webroot database for the IP Reputation filter.
You can verify the result of our device here:
https://www.brightcloud.com/tools/url-ip-lookup.php

2.2 Prevent certain IPs from being blocked

First, verify the result of our device with other IP reputation services such as Cyren, Cisco, Trend Micro, Symantec or Proofpoint. If they all agree that the IP is clean, you can add the IP to the whitelist without fear that it could still cause harm to your network.

You can find the white list under the following path:

Configuration -> Security Service -> Reputation Filter -> IP Reputation -> White List

IP reputation allow list

You can only add IPs to the white list. It's not possible to add URLs or FQDNs.

 
