Hi,
We have Symantec EPP installed on a Windows server running Apache. Web attacks are detected when entering via HTTP, but they are undetected if they enter via HTTPS.
Is it possible to install a certificate to allow SSL inspection? What other approaches are recommended?
Example of an attack detected on HTTP which is not detected if entering via HTTPS:
Mar 15 13:45:09 ANTIVIRUS SymantecServer: AAAAA,Event Description: [SID: 32329] Audit: Malicious Scan Attempt 2 attack blocked. Traffic has been blocked for this application: C:\asdfasdfasf\APACHE\BIN\HTTPD.EXE,Event Type: ,Local Host IP: 10.10.0.10,Local Host MAC: 000000000000,Remote Host Name: ,Remote Host IP: 10.20.1.50,Remote Host MAC: 000000000000,Outbound,TCP,Blocked,Begin: 2025-03-15 13:44:07,End Time: 2025-03-15 13:44:07,Occurrences: 1,Application: C:/XAMPP/APACHE/BIN/HTTPD.EXE,Location: Default,User Name: none,Domain Name: ,Local Port: 61780,Remote Port: 80,CIDS Signature ID: 32329,CIDS Signature string: Audit: Malicious Scan Attempt 2,CIDS Signature SubID: 65536,Intrusion URL: http://10.20.1.50/SDGEG/apps/FD/sdfgc/autodiscover/autodiscover.json?@zdi/Powershell,Intrusion Payload URL: ,SHA-256: ,MD-5: ,Intensive Protection Level: N/A,URL Risk: N/A,URL Category: N/A
Thanks