Java based Application used for E-procurement Government Portal blocked by Cloud SWG


Article ID: 241069


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The Cloud SWG agent is used to access the internet via Cloud SWG.

Cloud SWG is managed using UPE and not the Portal.

Users accessing a file on a specific government website are blocked from downloading it by Cloud SWG malware checks due to the "virus_detected_denied" action.

The file is a Java executable used to verify digital certificates that are assigned to users for uploads of tender responses.

The file is flagged as risky/malware by multiple vendors as per https://www.virustotal.com/

A malware bypass is needed for this file, but despite adding it to the UPE configuration, the users still cannot download the file via Cloud SWG.

Environment

Cloud SWG managed using UPE

Cloud SWG Agent on Windows/MacOS

Cause

Multiple layers of malware checks exist within UPE, and a layer that blocks the file is executed after the bypass exception from the previous layer.

Resolution

Merged all malware policies into one layer.

Additional Information

Added valid CPL code to bypass scanning for our problem object:

 ;; Tab: [MU Gov Java Utility Allow CPL]
<Cache>
condition="Scanning Exemption" response.icap_service(no) 

define condition "Scanning Exemption"
url.domain=proc.publicprocurement.gov.org/workflow/NSEU.exe
end condition "Scanning Exemption"

However, another layer existed below it that sent the object back to be scanned:

 ;; Tab: [GLB Web Content AV Scanning]
<Cache> condition=!__is_notify_internal
policy.BC_TP_respmod_scan_fail_open ok ; Rule 2 ; WSS_AV_Scanning ; Gestures transformed ; response.icap_service.secure_connection(auto) -> ok

Consolidated the two into one layer and all worked fine.
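
The layer-ordering effect described above, as an added Python model (not code from this article or from the product). It assumes the usual CPL evaluation rules: within a layer the first matching rule wins, and a later layer's setting for a property replaces an earlier layer's. The `av_scan` service name, the always-true guard and the prefix-match stand-in for `url.domain=` are simplifications made for the example.

```python
# Simplified model of CPL layer evaluation (added example, not product code).
# Assumptions: first matching rule wins inside a layer; layers run top to
# bottom and a later layer's value for a property replaces an earlier one.

EXEMPT_PREFIX = "proc.publicprocurement.gov.org/workflow/NSEU.exe"  # from the article

def is_exempt(url):
    """Stand-in for the "Scanning Exemption" condition (host/path prefix match)."""
    return url.split("://", 1)[-1].startswith(EXEMPT_PREFIX)

def always(url):
    """Stand-in for the AV layer's guard, assumed true for ordinary user traffic."""
    return True

# A rule is (condition, {property: value}); a layer is (name, [rules]).
EXEMPT_RULE = (is_exempt, {"response.icap_service": "no"})
SCAN_RULE = (always, {"response.icap_service": "av_scan"})  # placeholder service name

SEPARATE_LAYERS = [
    ("MU Gov Java Utility Allow CPL", [EXEMPT_RULE]),
    ("GLB Web Content AV Scanning", [SCAN_RULE]),
]
MERGED_LAYER = [
    ("Merged malware policy", [EXEMPT_RULE, SCAN_RULE]),  # exemption listed first
]

def evaluate(layers, url):
    """Return the final properties and a trace of which layer set each one."""
    props, trace = {}, []
    for name, rules in layers:
        for condition, settings in rules:
            if condition(url):
                props.update(settings)        # a later layer overrides an earlier one
                trace.append((name, dict(settings)))
                break                         # first match ends this layer
    return props, trace

def scanned(layers, url):
    """True when the object would still be sent for malware scanning."""
    props, _ = evaluate(layers, url)
    return props.get("response.icap_service", "no") != "no"

if __name__ == "__main__":
    target = "https://" + EXEMPT_PREFIX
    other = "https://proc.publicprocurement.gov.org/index.html"
    for label, layers in (("separate", SEPARATE_LAYERS), ("merged", MERGED_LAYER)):
        print(label, "| target scanned:", scanned(layers, target),
              "| other scanned:", scanned(layers, other))
```

With separate layers the trace shows the exemption being set and then replaced by the scanning layer; in the merged layer the exemption rule matches first, so the scan rule is never reached for that one object while every other URL is still scanned.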