Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Web browser security warnings appear when using the "Scan before delivering" feature in InterScan Web Security Virtual Appliance (IWSVA) 6.5

    • Updated:
    • 28 Nov 2018
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

InterScan Web Security Virtual Appliance (IWSVA) provides "Scan before delivering" feature to prevent the client web browser from timing out in IWSVA when scanning large files.

However, the client browser would show its security warning unless it treats IWSVA as a trusted site.

Details
Public

To address large file scan lag, do the following:

You can set them in HTTP > Advanced Threat Protection > Policies > Virus/Malware Scan Rule.

  • Scan before delivering: The client browser sees the scan progress screen IWSVA shows until IWSVA completes the scan.

  • Deferred scanning: IWSVA delivers a certain amount of the file to the client browser while scanning the file.

In the case of "Scan before delivering", the client browser gets redirected to TCP port 9091 of the IWSVA server after the scan completes to download the scanned file.

By default, the URL for the redirection is "https://{IP address of IWSVA}:9091". Therefore, this leads to the following web security warnings because the client browser fails to verify the TLS/SSL server certificate of the IWSVA server.

For example:

  • Microsoft Edge

    This site is not secure.
    This might mean that someone's trying to fool you or steal any infor you send to the server.
    You should close this site immediately.

  • Mozilla Firefox

    Your connection is not secure.
    The owner of <the destination site> has configured their website improperly.
    To protect your information from being stolen, Firefox has not connected to this website.

  • Google Chrome

    Your connection is not private
    Attackers might be trying to steal your information from the <destination site> (for example, passwords, messages, or credit cards).

To resolve the issue, change the URL for the redirection and import a TLS/SSL server certificate:

  1. Log on to IWSVA as root via SSH (for example with a SSH shell such as PuTTy).
  2. Create a backup copy of /etc/iscan/intscan.ini:

    # cp /etc/iscan/intscan.ini /etc/iscan/intscan.ini.bak

  3. Use vi to edit the file /etc/iscan/intscan.ini.

    # vi /etc/iscan/intscan.ini

  4. Change the following line:

    scan_before_deliver_server=9091

    To change "scan_before_deliver_server:9091" into the URL:

    scan_before_deliver_server=iwsva.example.test:9091

  5. Save the file and quit.
  6. Run the following commands to restart HTTP scan service.

    # /etc/iscan/S99ISproxy stop
    # /etc/iscan/S99ISproxy start

    To import a TLS/SSL server certificate to the IWSVA server, go to Administration > Network Configuration > Web Console. You may purchase a certificate from the certificate authorities or create a self-signed certificate.

     
    • The CN or SAN of the certificate must be the IWSVA's FQDN.
    • The CA certificate should also be imported to the client browser.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1121588
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.