Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Inconsistent action for Blocked Websites are seen in the access logs of Trend Micro Web Security (TMWS)

    • Updated:
    • 8 Sep 2020
    • Product/Version:
    • Trend Micro Web Security All
    • Platform:
Summary

The access logs show inconsistency with the action taken to supposedly blocked websites, and "Not match any rule" is logged as the Reason under the Action column.

Access Logs

Details
Public

For https traffic blocked by TMWS policy, the following access logs are recorded:

  • ALLOW action for "CONNECT" request, with "Not match any rule" reason
  • BLOCK action for https access

When accessing an HTTPS website via proxy, the client would send a "CONNECT" request. This request is used to create connection between the client & proxy, and proxy & original server. TMWS is not yet performing policy matching at this state therefore, “Not match any rule” is logged.

 
The ALLOW action is expected for a root domain (e.g. https://www.facebook.com).
 

After connection is created, the actual requests for page data would be performed and the expected action would be taken based on the policy configure.

For roaming user, when TMWS received a "CONNECT" request, it would ask for authentication and then decrypt the actual data requests for authentication.

To verify that the website is indeed blocked, you can access it on the machine where the policy is applied.

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000268423
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.