Zenarmor detected 0 and blocked 0 potential harmful activities...

Started by mthomaschewski, March 22, 2025, 06:08:20 PM

I have been using Zenarmor for many years, starting with OPNsense v21. Upgrading has always been problematic with Zenarmor on OPNsense, to the point that I wait a minimum of 2 months after the OPNsense version has been released to apply it to my hardware. Recently I upgraded to OPNsense 25.1.3 with the latest Zenarmor (1.18.6). I am reaching out to the community for guidance with a problem. Zenarmor no longer detects or blocks any potential harmful activities.

What I have tried:
1. Resetting Zenarmor to "Factory Defaults". Applying Zenarmor backup. Not functioning.
2. Resetting Zenarmor to "Factory Defaults". Configuring Policies from scratch. Not functioning.
3. Uninstalling Zenarmor Package Engine. Reinstall Zenarmor. Applying Zenarmor backup. Not functioning.
4. Uninstalling Zenarmor Package Engine. Reinstall Zenarmor. Configure Policies from scratch. Not functioning.

I am not getting any error messages.  Just not detecting or blocking any potential harmful activities which is not the behaviour that I would expect or historically have seen from Zenarmor.  I believe that there is a foundational problem with the configuration/policies not applying correctly since the upgrade.  Any advice from the community would be appreciated.


Hi,

Do you see any sessions in the Threats tab in the Live Sessions menu?

sy,

Thanks for replying.

When I look at the Threats Tab in the Live Sessions and select the Last Week filter I see the following: "No detected threats for the last week"

I have tried uninstalling and then reinstalling Zenarmor since posting the original message with no changes.  Today I upgraded to 25.1.4 and Zenarmor is still showing detected 0 and blocked 0 potential harmful activities.


Hi,

Please try to visit the test malware site eicar.org and check its category in the reports. If it doesn't appear as Malware/Virus, please share a report by following the instructions at the link below:

https://zenarmor.com/docs/support/reporting-bug

Sy,

Thanks again for your guidance.  Zenarmor did detect eicar.org as "Malware/Virus" and successfully blocked the traffic.  When I review the live sessions for the last week there are only 6 entries which are all related to eicar.org (same time stamp). It would appear that Zenarmor is functioning.  I am wondering if my ISP has changed something and there is not a problem with my setup of Zenarmor?

Michael

Hi Michael,

I don't believe that the ISP influences this behavior. You can perform the same test using dynamic DNS sites like ddns.net or noip.com, among others.