This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"High Risk Website Blocked" by Endpoint protection

Since Tuesday my Sophos Portal at xxx.dns.army:443 is classified by the latest Endpoint protection as "high risk website" and I can not log in. Website protection is not even turned on in the endpoint.

This is rather anoying, the portal of the UTM should never be flagged as high risk.



This thread was automatically locked due to age.
Parents
  • Hello Andreas Wolter,

    website protection is not even turned on
    you say that Sophos (which version) on an endpoint (which OS) is blocking this URL even though Web Protection is disabled?

    I'm not sure what your question actually is (and whether you have one). High risk website is just the caption, and the URL you've posted is likely not the actual URL. And anyway Endpoint can't tell it's your UTM's portal.

    Christian

  • I did not ask a question, I gave a feedback. And High risk website is not just a caption, it is a block, the site does not load and I assume it is because of the dns.army  domain (which is provided by a dyndnsV6 provider and sure I did not post my real domain here) . Nothing changed in the settings of the client or the firewall, so I can only assume it was due to some pattern updates.

    I do not host anything on this domain besides the portal for VPN so it is highly unlikely that my subdomain has landed on a blacklist and blocking something like dyndns.org seems absurd.

Reply
  • I did not ask a question, I gave a feedback. And High risk website is not just a caption, it is a block, the site does not load and I assume it is because of the dns.army  domain (which is provided by a dyndnsV6 provider and sure I did not post my real domain here) . Nothing changed in the settings of the client or the firewall, so I can only assume it was due to some pattern updates.

    I do not host anything on this domain besides the portal for VPN so it is highly unlikely that my subdomain has landed on a blacklist and blocking something like dyndns.org seems absurd.

Children
  • Hello Andreas Wolter,

    I'm not Sophos, just to make sure, and I just assumed you want a solution that's why I've asked what the question could be.
    When I said caption I referred to the fact that there is additional text with a detection name like Mal/HTMLGen-A or JS/DwnLdr-QQO.

    I still don't understand the feedback part or what Sophos should (could) do with it. It's likely updates and you could call them pattern updates, from your description I assume (but can't confirm) that the URL or the IP got listed. How this came about (and whether or not Sophos has done something absurd) is impossibly to say without the details.

    Christian

  • Christian, as far as I understood, this is the community feedback part of the forum.

    As for the caption, it was just a small pop-up in the lower right corner, it said nothing about what kind of threat.

    I reinstalled an old version of endpoint protection, blocked the updates and it does not behave like that.

     

    As for the "absurd"...since I am not hosting anything besides my Sophos portal (which I really doubt is an high risk website), I must assume that the whole domain got blocked. I could understand blocking a subdomain, but surely not the whole domain of a dyndns provider.

    And as far as I read, this "problem" pops up every once in a while. In this case it happened to my private connection, but what should I tell my customers when it happens to theirs?

    "I know your business depends on it but wait a few days till I sort it out with Sophos"?!

    Next license renewal around they will rather choose something else.