We received the belwo critical alert from our syslog server for a couple days with various source computers and a couple destination IP's (cloudflare is one). I log into the UTM/device and I can't find a 'Virus' or 'Anti-Virus' log. device="SFW" date=2022-07-04 time=00:09:50 timezone="EDT" device_name="XGname" device_id=xxxxxxxxxxx log_id=xxxxxx log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=5 user_name="xxxxxx" iap=7 av_policy_name="" virus="Unscannable" url=" ">crl.sectigo.com/SectigoRSACodeSigningCA.crl" domainname="crl.sectigo.com" src_ip=,xxxxxxx src_country_code=USA dst_ip=172.64.155.188 (unresolved) dst_country_code=USA protocol="TCP" src_port=xxxxx dst_port=80 sent_bytes=232 recv_bytes=96085 user_agent="Microsoft-CryptoAPI/10.0" status_code=500 Thanks in advance
↧