Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISA550W blocks Utah courts website PDFs

We recently turned on the AntiVirus security service. We are having two problems.

First, when one of the office staff tries to access a PDF document at this location ...

http://www.utcourts.gov/opinions/supopin/index.htm

... they ISA550W blocks them with the configured "Unsafe Website Access Blocked" page. We realize even the government is not invulnerable - so we've downloaded the files from an outside site and checked them with a number of different anti-virus tools. No virus found.

We found a post from about a year ago where folks were having trouble accessing files on google.com and another where the actual problem website was cisco.com. In both cases the solution appeared to be to wait until an updated signature file was available:

  1. https://supportforums.cisco.com/discussion/11804656/googlecom-has-been-identified-hosting-virus
  2. https://supportforums.cisco.com/discussion/12056326/isa500-block-ciscocom-website

Is this a normal occurrence? Should it be reported some other way?

The second issue is that we tried to temporarily mitigate the problem by selecting "Notify" instead of "Notify+Drop connection" for the HTTP protocol. This does not seem to work, the user still is blocked. Are we misunderstanding what "Notify" versus "Notify+Drop connection" means?

Under the "Configuring HTTP Notification" help section it says

If you select Notify as the action for the HTTP protocol, the alert message is sent to the user.

I assumed the term "sent" was a mistake, carried over from the "Configuring Email Notifications" help section. For HTTP I would expect a popup or other prompt to warn the user before allowing them to continue.

I would appreciate any suggestions or assistance.

Thank you - Richard

 

BTW Our firmware is at version 1.2.20 and the bootloader is at 0.0.20.  The Virus Data base is

Version: 
201406032122
Virus Pattern Number: 
680000
1 REPLY
New Member

  I actually encounter very

 

 

I actually encounter very similar issues..I run a tax and business services practice and quite often need to gain access to pdfs on various state of NY sites...Department of State, NYS Liquor Authority , NYS Department of Taxation , and the like.

 

I pretty much reasoned their sites are constantly under malicious attack, and thus the web reputation and/or IPS blocking kicking in.

 

I resigned myself to accessing an external network not monitored by the ISA to get the pdfs.

 

Have you figured a fix thru the appliance?

 

Thanks

 

Rick

 

 

 

85
Views
0
Helpful
1
Replies
CreatePlease login to create content