
Determining source of web intelligence block

Greetings.

I am seeing a generic "Your organization's policy prohibits access to this website" block message when machines managed through my Enterprise Console visit a specific external site.

In the local client logs for web intelligence, I see:

2018-05-28T17:44:14.664Z action=block why=override threat=- fileclass=- category=- url=hxxp://www.realwebsiteaddresswouldgohere.com

Compare that to these two Sophos sample sites for category blocking (same machine, same log):

2018-05-28T18:03:00.239Z action=warn why=category threat=- fileclass=- category=26 url=hxxp://sophostest.com/intolerance/index.html
2018-05-28T18:03:05.874Z action=block why=risk threat=Mal/HTMLGen-A fileclass=- category=19 url=hxxp://sophostest.com/malware/index.html

I would like to determine why the top site is being blocked. Anyone able to offer any assistance or suggestions?

Thanks ...

Matthew



  • Hello Matthew,

    "I would like to determine"
    try to remember that you put this site into the policy - or try to find the one who did ;)
    Seriously - why=override is logged for sites that have been blocked under Website Exceptions like here:

    Someone has explicitly added this site (and perhaps others) as a site to be blocked. Naturally I can't say why.

    Christian

  • Perfect!

    Thank you ... I appreciate the clear answer.

    I was able to find the site in the blocked list.  Now to determine who blocked it and why.  :)
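
Added example, not part of the original thread or of any Sophos tooling: a Python parser for the web intelligence log lines quoted in the question, which maps each record's why= value to the place to look first. Only the why=override meaning comes from the reply above; the hints for why=category and why=risk, the function names, and the assumption that url= is always the last field are assumptions read off the three sample lines.

```python
# Sample lines copied from the thread (URLs are defanged as posted).
SAMPLE_LOG = """\
2018-05-28T17:44:14.664Z action=block why=override threat=- fileclass=- category=- url=hxxp://www.realwebsiteaddresswouldgohere.com
2018-05-28T18:03:00.239Z action=warn why=category threat=- fileclass=- category=26 url=hxxp://sophostest.com/intolerance/index.html
2018-05-28T18:03:05.874Z action=block why=risk threat=Mal/HTMLGen-A fileclass=- category=19 url=hxxp://sophostest.com/malware/index.html
"""

# "override" is confirmed by the reply in the thread; the other two hints are
# assumptions inferred from the sample lines.
WHY_HINTS = {
    "override": "explicit entry under Website Exceptions in the policy",
    "category": "site category rule (see the category= id)",
    "risk": "threat detection (see the threat= name)",
}


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a record."""
    ts, _, fields = line.strip().partition(" ")
    if "action=" not in fields:
        return None
    # Assumption: url= is the last field. Split it off first so that spaces
    # or '=' characters inside the URL cannot be mistaken for other fields.
    head, sep, url = fields.partition(" url=")
    rec = {"ts": ts, "url": url if sep else None}
    for token in head.split():
        key, eq, value = token.partition("=")
        if eq:
            rec[key] = None if value == "-" else value  # "-" means unset
    return rec


def triage(log_text):
    """Return (record, hint) pairs for every block or warn action."""
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("action") in ("block", "warn"):
            why = rec.get("why")
            hint = WHY_HINTS.get(why, f"unrecognised why={why!r}; read the raw line")
            results.append((rec, hint))
    return results


if __name__ == "__main__":
    for rec, hint in triage(SAMPLE_LOG):
        print(f'{rec["ts"]} {rec["action"]:5} {rec["url"]} -> {hint}')
```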