my WSA ignores additional suspected malware addresses when I connect via http to the website. Connections on Port 23 (telnet) to the host ARE detected.
I recently activated L4TM. In the L4 Traffic Monitor overview I can see several ports and sites being monitored (or if I want also blocked) when recognized as malware.
L4TM is set to "monitor all ports".
For testing purpose I defined a normal website as an "additional Suspected Malware Address" in the Websecurity Manager under "Edit L4 Traffic Monitor" settings. I expected this website beeing monitored or blocked, when I try to access the site via http from a browser. But this DOES NOT happen. On the other hand, when I try a telnet connection to the same host, the WSA firewall correctly detects the IP as a malware address and notes or blocks the connection, this also shows up in traffic monitor log.
I tried both, entering the IP address or hostname, but the WSA ignores it when connecting via http.
Can somebody confirm this (wrong?) behaviour or is my understanding of L4 monitoring wrong?