Support Forum
tanr
Valued Contributor II

Sandbox Cloud catching iOS updates for iPad Pro?

We've just started seeing FortiSandbox Cloud catching iOS updates for iPad Pro (not iPhone) as a virus or worm.  Wondered if anybody else is seeing this as well?  SSL Inspection is turned on.

 

Seeing email alerts of the form:

Message meets Alert condition

Virus/Worm detected: FSA/RISK_HIGH Protocol: HTTP

Source IP: 10.XX.XX.XX Destination IP: 17.253.31.203

Email Address From:  Email Address To: 

VIRUS REFERENCE URL: http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH

date=2018-06-19 time=17:43:25 devname=FGT-XXXXX devid=FGTXXXXXXXXXXXXX logid=0211009234

type=utm subtype=virus eventtype=infected level=warning vd=root

msg="File reported infected by Sandbox."

action=blocked service="HTTP"

sessionid=1407637 srcip=10.XX.XX.XX dstip=17.253.31.203

srcport=50506 dstport=80 srcintf="xxxx" dstintf="port2" policyid=53 proto=6 direction=incoming

filename="iPadiTunesUpdateReadMe.ipd" quarskip=File-was-not-quarantined.

virus="FSA/RISK_HIGH" dtype="Virus"

ref="http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH" virusid=8

url="http://updates-http.cdn-apple.com/2018/ios/091-82839-20180529-505BD874-5AF4-11E8-871B-B7C90BFA624F/i..."

profile="av-full-mob-sand"

user="" agent="iTunes/12.7.5"

analyticscksum="cdd5f43c602e5c73a5f07802f53ceb516e6b0fd690b5eb597856113ff63fa916"

analyticssubmit=false crscore=50 crlevel=critical
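
Added example, not part of the original post: one way to pull the triage-relevant fields out of a key=value alert like the one above, so a suspected false positive can be checked field by field. The function names, the use of Apple's 17.0.0.0/8 allocation and the `.cdn-apple.com` suffix as "expected source" hints are assumptions of this example, not FortiGate behaviour.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Log fields copied from the alert in the post, joined into one record (abridged).
SAMPLE = (
    'date=2018-06-19 time=17:43:25 logid=0211009234 type=utm subtype=virus '
    'msg="File reported infected by Sandbox." action=blocked service="HTTP" '
    'srcip=10.XX.XX.XX dstip=17.253.31.203 srcport=50506 dstport=80 '
    'filename="iPadiTunesUpdateReadMe.ipd" virus="FSA/RISK_HIGH" '
    'ref="http://www.fortinet.com/ve?vn=FSA%2FRISK_HIGH" virusid=8 '
    'url="http://updates-http.cdn-apple.com/2018/ios/091-82839-20180529-505BD874-5AF4-11E8-871B-B7C90BFA624F/i..." '
    'user="" agent="iTunes/12.7.5" '
    'analyticscksum="cdd5f43c602e5c73a5f07802f53ceb516e6b0fd690b5eb597856113ff63fa916" '
    'analyticssubmit=false crscore=50 crlevel=critical'
)

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumed hints for this example: Apple's address block and CDN domain suffix.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")
APPLE_CDN_SUFFIX = ".cdn-apple.com"

def parse_log(text):
    """Return the record as a dict; quoted empty values stay as ''."""
    fields = {}
    for m in PAIR.finditer(text):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def triage(fields):
    """Collect the facts an analyst would check; this does not decide the verdict."""
    try:
        dst_is_apple = ipaddress.ip_address(fields.get("dstip", "")) in APPLE_NET
    except ValueError:  # masked or missing address
        dst_is_apple = False
    host = urlparse(fields.get("url", "")).hostname or ""
    return {
        "sandbox_verdict": fields.get("virus", "").startswith("FSA/"),
        "dst_in_apple_net": dst_is_apple,
        "host_is_apple_cdn": host.endswith(APPLE_CDN_SUFFIX),
        "cleartext_http": fields.get("service") == "HTTP" and fields.get("dstport") == "80",
        "checksum": fields.get("analyticscksum"),
        "filename": fields.get("filename"),
    }

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

Because the transfer ran over plain HTTP on port 80, the host name and destination address describe where the session went but do not authenticate the file; the checksum is the field to look up in the sandbox's report for that file.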

 
