I'm not aware of any workarounds, but I really wish you could turn on MCP in only one direction, or only to specific resources. It makes it a real pain when it flags traffic for poorly designed internet apps -- there's only so much one can do to get all these places to fix their applications.
Jeff Jarmoc - Sr. Network Analyst ________________________________________________________________________ _ Grubb & Ellis Company | email: [EMAIL PROTECTED] -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Moon, Curtis Sent: Monday, June 12, 2006 10:00 AM To: [email protected] Subject: [FW-1] Malicious code detected We are using NGX r60 hfa03 on win2k3. All out going http goes through a proxy. I am trying to do a search on cat5 at anixter.com and I get this In my logs... Number: 1989555 Date: 12Jun2006 Time: 9:45:54 Product: SmartDefense Type: Log Action: Reject Protocol: tcp Service: http-No-WI (80) Source: proxy Destination: onlinecatalog.anixter.com (12.165.149.126) Information: reason: WSE0120001 malicious code detected in URL resource: http://12.165.149.126/PartDetailServlet?SOURCE=SEARCH&INDEX=0&PAGE=1&PAR TNO=2 64262&QUANTITY=&REFERER=SearchResultsServlet%3FQUERY%3DKEYWORD-SEARCH%26 SEARC HCRITERIA%3D%257BLOCATION%253D%252C%2BVIEW_AVAILABLE_PERMISSION_CODE%253 DN%25 2C%2BSEARCH_ACTION%253DKEYWORD-SEARCH%252C%2BCATALOG_COUNTRY_CODE%253D20 01032 000000000001%252C%2BCLASSIFICATION%253D%252C%2BUSER_ID%253D%2B%2B%2B%2B% 2B%2B %2B%2B%252C%2BCATALOG_LANG%253DEN%252C%2BSEARCH_INCLUDES%253DC%252C%2BKE YWORD %253Dcat%252B5%257D%26searchPage%3D1 Source Port: 7430 Attack Name: Malicious Code Protector Don't want to turn off MCP. Any work arounds? Thanks, Cmoon ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
