Syncio Blog - ISA 2006 Cache and HTTP Kaspersky Antivirus
fixitchris@twitter
 
 Wednesday, June 18, 2008

Using the FPCCacheContents Object I was able to force-cache any file I wanted for any duration I wanted. 

1.  I downloaded the Cain&Abel executable from source #1 and Kaspersky blocked it.  I verified with Wireshark that traffic was coming from source #1.
2.  I force-cached the Cain&Abel executable from source #2 to avoid IE caching or anything that might invalidate this test.  The item now exists in the ISA cache.
3.  I downloaded the Cain&Abel executable from source #2 again.  I verified with Wireshark that traffic was indeed coming from the ISA cache.
I turned up the KAV log files to Debug and verified that the Cain&Abel executable had not been flagged the first time it was downloaded.  Kaspersky blocked Cain&Abel from the ISA cache.
 
Conclusion:

  • HTTP Kaspersky engine interfaces with cache and routed requests. 
  • Anything can be forced into ISA cache.

See the ISA Monitor Utility for cache control.  http://sync-io.net/IsaTools.aspx

Wednesday, June 18, 2008 1:15:11 PM (Central Standard Time, UTC-06:00)  ISA | Malware
Copyright © 2010 Chris Misztur. All rights reserved.