Jump to content


Photo

Barracuda's ESS ATP not working very well

ESS ATP ESS ATD

  • Please log in to reply
3 replies to this topic

#1 Jack Gray

Jack Gray
  • Members
  • 5 posts

Posted 19 March 2018 - 05:07 AM

Hi,

 

Are any of you noticing that the Advanced Threat Protection in ESS isn't really doing a hell of a lot in terms of protection?

 

We have a number if Office 365 clients who are using this service and almost every day we receive an alert email from Office 365 (Exchange online Protection) that a malicious file ie. word or PDF file etc has been detected with payload or even malware embedded inside it.  Yet every time this passes straight with the ATP service undetected.  Apparently this is because when the attachment is opened or executed in the sandbox environment, the scanning service doesn't have the ability to scan INSIDE the files?  If there is a malicious URL or embedded image with a link to malicious content, ATP cant detect this, yet Office 365's free EOP service can. 

 

This is good that our clients are still protected, but my issue is why isn't and 'Advanced' Threat Protection service able to do this when we pay for it?  We barely see any threats detected at all from the ATP logs too?  We would like to know if anyone else experiencing the same issues?  Some of the Barracuda Engineers that we have spoken to say that this is a potential known issue, yet we aren't hearing too much back for the product / development team on this.

 

Regards, Jack

 



#2 Ken Pohlman

Ken Pohlman
  • Members
  • 2 posts

Posted 19 June 2018 - 12:52 PM

I also experience a similar issue with ATP.  MANY TIMES in the One Month I have had the service I have had reports of Phishing attempts.  When I clicked the links myself to test the solution.. the links worked and sent me to the Link destination... but suprise!!!!  Chrome knows the site is malicious and wouldn't let me visit.   This issue has been reported and escalated multiple times and Ive heard nothing back from support on it.  Now today, ATP seems to be not scanning at all and mail is being held in quarantine until i release it. :(



#3 Rogério Diniz

Rogério Diniz
  • Members
  • 1 posts

Posted 25 September 2018 - 09:30 AM

We are getting the same problem.  Is there any action or workaround for this ?



#4 Jack Gray

Jack Gray
  • Members
  • 5 posts

Posted 25 September 2018 - 12:17 PM

I believe the ATP issue has been mostly resolved and has a little more functionality than it did which wouldn't have been hard as it was hardly doing much at all.  I think the issue now lies with the Link Protection and Intent Analysis which may not be as accurate as it should be.

 

This is an interesting read though.  Although this is about the Unified Threat Management Firewalls on the market today, the same protection that is used in the Cloud services is effectively used on these devices including the ATP module.  Barracuda, doesn't really rate too highly here I'm afraid, but I guess you get what you pay for though most of the time.

 

Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls)

 

Do a search for the above article as this forum wouldn't let me paste this link into the discussion here.