OPNsense Forum
Messages - hedders

1
Zenarmor (Sensei) / Re: Sensei db related error in backend log
« on: February 04, 2024, 07:50:18 am »
I am also seeing this. Running OPNsense 24.1 (although it appeared in the logs prior to the upgrade from 23.7 too), Zenarmor is up to date (engine 1.16.2, database 1.16.24012617, agent 1.16.4), using a local Elasticsearch database.

I also noted that the Audit log shows the following error in configd.py every hour: "action sensei.update-install.os-sensei-db not found for user root".

Zenarmor seems to be running fine. I do wonder whether it has something to do with this older thread:

https://forum.opnsense.org/index.php?topic=22363.0

2
Zenarmor (Sensei) / Re: Question about approach to identifying possible false positive
« on: December 19, 2023, 06:12:41 pm »
Thank you!

3
Zenarmor (Sensei) / Re: Question about approach to identifying possible false positive
« on: December 18, 2023, 05:21:44 am »
Quote
If you're quite sure it's a false positive

Thanks. I guess the issue is I'm not sure if it is or not, and I'm struggling to find any useful info to help me find out. Do you happen to know if there is anywhere I can look up why it was matched?

4
Zenarmor (Sensei) / Question about approach to identifying possible false positive
« on: December 17, 2023, 08:51:14 am »
Hello,

I'm a pretty new user of Zenarmor, having only recently upgraded from a consumer-grade home router to an OPNsense box (which I'm very happy with).

I am seeing a lot of blocks of outgoing connections from my phone to a host called "prod-mobile-api.jn3cx6xo36.net", which Zenarmor seems to be categorising as "Malware/Virus". I suspect it is a false positive, but it is obviously concerning and I am struggling to find any info on what it is, or why Zenarmor might be categorising it as malware.

Googling for that hostname leads to a few auto-generated "we've scanned this host for viruses and found nothing" type pages, which tell me very little.

The regular posters in this forum seem to be pretty experienced and knowledgeable, and I wondered if anyone can give me some pointers in tracking down what's going on here please? For example, do any of you know what databases Zenarmor draws its blocklists from?

If the mods think this is OT then my apologies, and do feel free to bin.

Thank you all in advance for any help you're able to give.
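One concrete way to narrow down a block like the one described above is to check whether the category was attached to the full hostname or inherited from a parent domain, since many domain-reputation feeds list the second-level domain and treat every subdomain as covered. The script below is an added example written for this page; it is not Zenarmor code and does not reflect how Zenarmor's own feeds are built or matched. It assumes a plain one-domain-per-line feed, hierarchical (suffix) matching, and uses a constructed sample feed in which the second-level domain from the post is included purely to show the mechanism, not as a statement about that domain. The "looks generated" heuristic and its thresholds are likewise arbitrary choices for illustration.

```python
"""Trace why a hostname might match a domain-category blocklist.

Added example, not Zenarmor code. Assumptions: the feed is a plain list
of domains (one per line, "#" comments allowed) and matching is
hierarchical, i.e. a listed domain also covers all of its subdomains.
"""
import math
from collections import Counter

# Constructed sample feed, not a real threat feed. The second entry
# reuses the second-level domain from the forum post only to illustrate
# suffix matching; it is not a claim about that domain.
SAMPLE_FEED = """
# category: Malware/Virus (constructed sample)
evil-downloads.example
jn3cx6xo36.net
"""


def load_feed(text):
    """Parse a one-domain-per-line feed into a normalised set."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            entries.add(line)
    return entries


def parent_domains(hostname):
    """Return the hostname and each parent, most specific first.

    'a.b.example' -> ['a.b.example', 'b.example', 'example']
    """
    labels = hostname.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def explain_match(hostname, feed):
    """Return the feed entry that covers hostname, or None.

    Walking from the full name up towards the TLD shows whether the block
    was caused by the exact host or inherited from a parent domain.
    """
    for candidate in parent_domains(hostname):
        if candidate in feed:
            return candidate
    return None


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label, min_len=8, min_entropy=2.5):
    """Crude heuristic for algorithmically generated labels: long,
    mixes letters and digits, high entropy. Thresholds are arbitrary
    example values, not anything a vendor publishes."""
    has_digit = any(ch.isdigit() for ch in label)
    has_alpha = any(ch.isalpha() for ch in label)
    return (len(label) >= min_len and has_digit and has_alpha
            and label_entropy(label) >= min_entropy)


def triage(hostname, feed_text=SAMPLE_FEED):
    """Summarise what a blocklist hit on hostname can be attributed to."""
    feed = load_feed(feed_text)
    chain = parent_domains(hostname)
    hit = explain_match(hostname, feed)
    # Second-level label, e.g. 'jn3cx6xo36' for 'x.jn3cx6xo36.net'.
    # Naive: does not account for public suffixes like co.uk.
    second_level = chain[-2].split(".")[0] if len(chain) >= 2 else hostname
    return {
        "hostname": hostname,
        "matched_entry": hit,
        "inherited": hit is not None and hit != chain[0],
        "second_level_label": second_level,
        "label_looks_generated": looks_generated(second_level),
    }


if __name__ == "__main__":
    for key, value in triage("prod-mobile-api.jn3cx6xo36.net").items():
        print(f"{key}: {value}")
```

If `matched_entry` differs from the hostname, the block was inherited from a parent entry, so the thing to research is that parent domain rather than the API subdomain itself. A high-entropy, digit-and-letter second-level label is one common reason reputation feeds flag a domain, but it is only a hint; the feed's own provenance is what answers "why was this matched".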

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines