We've just started seeing FortiSandbox Cloud catching iOS updates for iPad Pro (not iPhone) as a virus or worm. Wondered if anybody else is seeing this as well? SSL Inspection is turned on.
Seeing email alerts of the form:
Message meets Alert condition
Virus/Worm detected: FSA/RISK_HIGH Protocol: HTTP
Source IP: 10.XX.XX.XX Destination IP: 17.253.31.203
Email Address From: Email Address To:
VIRUS REFERENCE URL: http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH
date=2018-06-19 time=17:43:25 devname=FGT-XXXXX devid=FGTXXXXXXXXXXXXX logid=0211009234
type=utm subtype=virus eventtype=infected level=warning vd=root
msg="File reported infected by Sandbox."
action=blocked service="HTTP"
sessionid=1407637 srcip=10.XX.XX.XX dstip=17.253.31.203
srcport=50506 dstport=80 srcintf="xxxx" dstintf="port2" policyid=53 proto=6 direction=incoming
filename="iPadiTunesUpdateReadMe.ipd" quarskip=File-was-not-quarantined.
virus="FSA/RISK_HIGH" dtype="Virus"
ref="http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH" virusid=8
profile="av-full-mob-sand"
user="" agent="iTunes/12.7.5"
analyticscksum="cdd5f43c602e5c73a5f07802f53ceb516e6b0fd690b5eb597856113ff63fa916"
analyticssubmit=false crscore=50 crlevel=critical
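Added example, not part of the original post: a small parser for the key=value log entry above that pulls out the fields worth checking when deciding whether a sandbox hit like this is a false positive. The function names `parse_kv` and `triage` are hypothetical, and the sample is the posted log joined onto one line.

```python
import ipaddress
import re
import shlex

# The log entry from the post, joined onto one line (masked values as posted).
SAMPLE = (
    'date=2018-06-19 time=17:43:25 devname=FGT-XXXXX devid=FGTXXXXXXXXXXXXX '
    'logid=0211009234 type=utm subtype=virus eventtype=infected level=warning '
    'vd=root msg="File reported infected by Sandbox." action=blocked '
    'service="HTTP" sessionid=1407637 srcip=10.XX.XX.XX dstip=17.253.31.203 '
    'srcport=50506 dstport=80 srcintf="xxxx" dstintf="port2" policyid=53 '
    'proto=6 direction=incoming filename="iPadiTunesUpdateReadMe.ipd" '
    'quarskip=File-was-not-quarantined. virus="FSA/RISK_HIGH" dtype="Virus" '
    'ref="http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH" virusid=8 '
    'profile="av-full-mob-sand" user="" agent="iTunes/12.7.5" '
    'analyticscksum="cdd5f43c602e5c73a5f07802f53ceb516e6b0fd690b5eb597856113ff63fa916" '
    'analyticssubmit=false crscore=50 crlevel=critical'
)

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # IPv4 block registered to Apple


def parse_kv(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def triage(fields):
    """Collect the fields to review before treating the hit as a false positive."""
    try:
        dst_is_apple = ipaddress.ip_address(fields.get("dstip", "")) in APPLE_NET
    except ValueError:  # masked or missing address
        dst_is_apple = None
    cksum = fields.get("analyticscksum", "").lower()
    return {
        "sandbox_verdict": fields.get("virus", "").startswith("FSA/"),
        # 64 hex characters, the length of a SHA-256 digest.
        "file_checksum": cksum if re.fullmatch(r"[0-9a-f]{64}", cksum) else None,
        "filename": fields.get("filename"),
        "dst_in_apple_block": dst_is_apple,
        # Plain HTTP: the payload was not integrity-protected in transit.
        "cleartext": fields.get("service", "").upper() == "HTTP",
        # User-Agent is client-supplied, so it is context, not evidence.
        "agent": fields.get("agent"),
    }
```

The checksum is the value to compare against a copy of the same file obtained independently, since the destination address and user agent alone do not establish that the content is genuine.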