Sophos XGS: How to configure Zero-day Protection on Sophos XGS.

Overview

Zero-day protection combines several analysis techniques to decide whether a file is likely to be malicious. Combining the results of more than one technique gives you more context on each file and reduces false positive detections. Use the results to judge the risk to your network before you release a held file.

This article shows how to configure the Zero-day Protection feature so that suspicious downloads are analyzed and evaluated before they reach the client.

Network Diagram

Instructions

Step 1: Create Firewall Rule to enable Zero-day Protection feature

Go to Rules and policies > Add firewall rule > New firewall rule.

Select and fill in the following parameters:

Rule Name: Enter the name you want

Action: select Accept

Source zone: LAN

Source networks and devices: LAN1 (the host object for the test PC, IP 192.168.1.10).

Destination Zones: WAN

Destination networks: Any

Services: Any

In the Web policy section, select Scan HTTP and decrypted HTTPS, then select Use zero-day protection. Note the word decrypted: files downloaded over HTTPS are only inspected when an SSL/TLS inspection rule decrypts that traffic; without one, only plain HTTP downloads are analyzed.

Click on Save.

Step 2: Test to check the Zero-day Protection feature

To test, visit https://www.wicar.org/, select CLICK HERE TO TEST YOUR BROWSER AND NETWORK, and click the test files listed there.

Alternatively, visit http://www.rexswain.com/eicar.html and download the EICAR test files linked there. Because this page is served over plain HTTP, it exercises the rule even when HTTPS decryption is not configured.

To check the results on the Sophos Firewall, go to Zero-day protection > Downloads and attachments.

The test files are listed with the status Malicious and the action Blocked.

Click View report to open a detailed report of the analysis performed on each file.
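If you would rather run the Step 2 check from a shell on the test PC than from a browser, the script below is an added example and is not part of the original article or of Sophos' own tooling. It assumes curl is installed on a host covered by the firewall rule above and that you pass it the URL of an EICAR test file (the pages linked above host such files). It fetches the file through the firewall and reports whether the EICAR signature reached the client; a block page returned with HTTP 200 or 403 still counts as blocked.

```shell
#!/bin/sh
# Added example (not from the Sophos article): command-line version of Step 2.
# Assumes curl is installed on the test PC behind the firewall rule and that
# the caller supplies the URL of an EICAR test file.
set -u

# The EICAR test string is assembled from two halves so that this script file
# itself is not flagged by endpoint antivirus; the joined value is the standard
# signature published by eicar.org.
EICAR_SIG="$(printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' 'ANTIVIRUS-TEST-FILE!$H+H*')"

# is_eicar FILE: exit 0 if FILE contains the EICAR signature (the download
# reached the client intact), 1 otherwise (blocked, replaced, or empty).
is_eicar() {
    [ -s "$1" ] && grep -F -q -- "$EICAR_SIG" "$1"
}

# verdict FILE HTTP_CODE: one-word result for a downloaded response body.
# The firewall replaces a blocked download with an HTML block page, so a
# 200 or 403 whose body is not EICAR is still a block; a connection failure
# (curl reports code 000) is reported separately so it is not mistaken for one.
verdict() {
    if is_eicar "$1"; then
        echo "NOT_BLOCKED"
    elif [ "$2" = "000" ]; then
        echo "NO_RESPONSE"
    else
        echo "BLOCKED"
    fi
}

# check_url URL: fetch URL through the firewall, print the verdict, and
# return 0 only when the download was blocked.
check_url() {
    body="$(mktemp)"
    # --fail is deliberately not used: the block page may come back as 200 or 403.
    code="$(curl -s -o "$body" -w '%{http_code}' --max-time 60 -- "$1" 2>/dev/null)" || true
    code="${code:-000}"
    result="$(verdict "$body" "$code")"
    rm -f "$body"
    echo "$1 -> HTTP $code: $result"
    [ "$result" = "BLOCKED" ]
}

# Usage: sh check_zeroday.sh <url-of-eicar-test-file>
# Sourcing the file only defines the functions above.
if [ "$#" -ge 1 ]; then
    check_url "$1"
fi
```

Run it once with the rule's zero-day protection enabled (expect BLOCKED) and once with the checkbox cleared (expect NOT_BLOCKED) to confirm that the block is really coming from the rule you created rather than from the client's own antivirus, which may delete the file before the script reads it.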
