User Agent "Unknown" - Site blocking


(Michael Kolzem) #1

Hi all,

if this kind of Browser User Agent pops up in the logs the access is blocked:

Unknown(9ADC0E53<|>BMI4547<|>chewsamy<|>Microsoft Windows 7 Enterprise <|>Premry<|>McAfee VirusScan Enterprise .<|>false - 2/27/2019)

Does anyone know how these are exactly generated? the customer asked specifically for the “false” before the date in the end.

Or do you know who to ask? So far I received no answers in Slack or found anything.

Thanks,
Michael


(Scott Bullock) #2

What is the block reason in the logs?


(Giriraj Jayaraman) #3

Hi Michael,

Collect below data for further investigation:

  1. Screenshot of block page
  2. Capture web browser header trace (using F12 developer tool) by reproducing the issue.
  3. Screenshot of ip.zscaler.com with the username
  4. Export the Web Insights report by selecting all fields after reproducing the issue

Thanks,
Giriraj


(Michael Kolzem) #4

Hi Guys,

thanks for your help. But the customer wants a general explanation, why the fields are displayed as they are, he does not care that these are blocked.

Do you know how these strings are generated in general?

Thanks,
Michael


(Lidor Pergament) #5

Hi @mikowi, the user-agent strings are generated by the client. We have no control over them. The only thing we do is that whenever we find a known browser user-agent we compress it to a format, such as CHROME 11.X. In this case, it’s unknown, so we mark it as UNKNOWN (original string)


(Michael Kolzem) #6

Hi Lidor,

OK, thanks, that helps!

Best regards,
Michael