I did some more tests and it seems that the mentioned statement is not valid (or not valid anymore, I did these tests on MX 15.33): I installed a new web-server on my server-LAN and placed the eicar test-files in the Web-directory. Test1) Accessed it from a PC in the user-LAN: MX blocked the download. Test2) Connected with a client-VPN and accessed the file (so this is the original question): The MX blocked the download! Test3) Accessed the file from a PC that comes through a 3rd party VPN: This one was very strange. The Download was allowed (AMP 4 Endpoint directly kicked in) but the MX Security Center logged a "Blocked" action which was obviously not done. Test4) Configured a port forwarding from the internet to the web-server and accessed the file. Same as with Test3, the download was allowed but the Security Center says "Blocked". EDIT: Later ... (you should not do tests like these while doing parallel other stuff) Only Test1 was an AMP-Block, the other events in the Security-Center came from IPS as there is also a signature for Eicar.
... View more
