Sandboxing, Predictive Analysis, File reputation threat alerts etc are configured on CAS to notify events promptly over email or syslog, however the client ip address or server ip addresses are missing in the alert. A sample alert for Predictive Analysis is given below:
File determined to be unsafe through Predictive Analysis
File has been dropped.
2018-07-10 02:54:40 (UTC) Hardware serial number: XXXXXXXXXX CAS (Version 184.108.40.206(217803)) - http://www.symantec.com Predictive Analysis Vendor: Cylance Version: 281492156710912
Machine name: CAS Machine IP address: 10.1.1.1 Server: Unknown Client: Unknown
This is due to ProxySG not configured to send Client IP Address and Server (OCS) Address to ICAP server along with the scan request The below configuration needs to be modified on ProxySG to address this issue.
Navigate to Configuration -> Content Analysis -> ICAP -> Locate the ICAP Service and click on Edit.
Enable the Client address and Server address as shown in the snapshot.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.