I had a user trying to get a boarding pass from www.southwest.com.
Malicious Code Protector would not allow the barcode to be down loaded.
Number: 4642290
Date: 26Oct2005
Time: 9:34:24
Product: SmartDefense
Origin: tracker01
Type: Log
Action: Reject
Protocol: tcp
Service: http (80)
Source: nehcpx01
Destination: www.southwest.com (12.5.136.100)
Source Port: 3590
Attack Name: Malicious Code Protector
Information: reason: WSE0120001 malicious code detected in URL
resource:
http://12.5.136.100/cgi-bin/rotatedBarcode?text=1%5e405%5eOMA%5e26OCT%5eL%5eN
%5eL%5eP2641%5e60%5eB%5e97BE44%5eJEFF%2fJOHNSON%5eUPSKRZCT2T47N9PZ
I have MCP set to the lowest setting. Is there a way to allow certain
domains to by pass Web Intelligence or a setting in Global Properties to
allow url like this?
We are running on Win2k3 R60 hfa01. I am passing all http traffic through
MCP.
Thanks,
Curtis Moon
Curtis Moon
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
