LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How is firewall-based Antivirus different from client-side AV like Defender or McAfee?

Firewall AV scans traffic in-flight as it crosses the perimeter; client AV scans files at-rest on disk.

Aspect Firewall AV Client AV
Where At the perimeter, on the wire On the endpoint disk/RAM
When While the file is being downloaded After download, on access, on schedule
What it sees Decrypted traffic (needs SSL Forward Proxy for HTTPS) Local files, processes, memory
Catches Drive-by downloads, known signatures in transit Anything that landed on disk, including offline-introduced files (USB)

Why both? Defense in depth. FW AV stops obvious known threats before they hit the endpoint, reducing endpoint workload. Client AV catches what FW missed (encrypted traffic without decryption, USB sticks, lateral movement).

EICAR test file: EICAR (European Institute for Computer Antivirus Research) defined a harmless standardized string that AV products are coded to flag as if it were a virus. Used to verify AV is working without handling real malware. A typical test downloads it from secure.eicar.org/eicar.com over HTTPS to check the firewall's antivirus profile.

Go deeper:

From Quiz: INTROL / Firewall Advanced Lab (Lab 6) | Updated: Jul 14, 2026