"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
To have the classification automatically reviewed, please follow article 119440
The web appliance uses security risk classifications assigned by SophosLabs to assess the website requests made by your users. The classifications are defined in a list of URLs that is maintained by SophosLabs and is updated several times a day. The appliance stores a copy of the current classifications and checks for updates periodically.
The appliance takes different actions depending on the security risk classification of the requested URL:
High Risk: These sites have been analyzed by SophosLabs and host malicious content that can compromise network security. These sites are always blocked.
Medium Risk: These sites have been analyzed by SophosLabs and have a history of poor privacy or security practices that may compromise network security. By default, the appliance scans these sites before allowing access. You can override this default action by setting the appliance to block access to these sites.
Low Risk: These sites have no recent history of malicious content or behavior. These sites are periodically reviewed by SophosLabs to verify site contents. When a low risk site is requested, the appliance scans it before allowing access.
Trusted: These sites are entered by the administrator and are not analyzed or reviewed by SophosLabs. Enter only sites that meet strict security criteria because they will not be scanned before access is granted.
Unclassified: These sites have not yet been analyzed or reviewed by SophosLabs and may compromise network security. By default, the appliance treats these sites as low risk sites. The other choices are to treat them as medium risk or high risk sites.
Understanding this classification process can help you, as an administrator, to decide:
For more information about how to configure these settings, in the appliance software, click Help > Configuration > Global Policy, and read the 'Security Filter' and 'Add Local Classifications' sections.
A mechanism is available in the appliance that allows the administrators to submit URLs to Sophos that the end users have marked as being misclassified using the "allow user feedback" feature. These URLs are placed in a queue for manual review by SophosLabs and are reclassified, if appropriate.
To submit misclassified URLs to Sophos, go to the Configuration > Global Policy > General Options page and select the option to Ensure sharing of non-user identifiable data with SophosLabs to improve protection.
For more information about the allow user feedback feature, click Help > Configuration > Group Policy > Default Policy, and read the 'Allow User Feedback' section.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.