
Determining source of web intelligence block

Greetings.

I am seeing a generic "Your organization's policy prohibits access to this website" block message when machines managed through my Enterprise Console visit a specific external site.

In the local client logs for web intelligence, I see:

2018-05-28T17:44:14.664Z action=block why=override threat=- fileclass=- category=- url=hxxp://www.realwebsiteaddresswouldgohere.com

Compare that to these two Sophos sample sites for category blocking (same machine, same log):

2018-05-28T18:03:00.239Z action=warn why=category threat=- fileclass=- category=26 url=hxxp://sophostest.com/intolerance/index.html
2018-05-28T18:03:05.874Z action=block why=risk threat=Mal/HTMLGen-A fileclass=- category=19 url=hxxp://sophostest.com/malware/index.html

I would like to determine why the top site is being blocked.  Anyone able to offer any assistance or suggestions?

Thanks ...

Matthew



This thread was automatically locked due to age.
  • Hello Matthew,

    "I would like to determine"
    try to remember that you put this site into the policy - or try to find the one who did ;)
    Seriously - why=override is logged for sites that have been blocked under Website Exceptions like here:

    Someone has explicitly added this site (and perhaps others) as a site to be blocked. Naturally I can't say why.

    Christian

  • Perfect!

    Thank you ... I appreciate the clear answer.

    I was able to find the site in the blocked list.  Now to determine who blocked it and why.  :)
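
The triage discussed in this thread, as an added example that is not part of any post above and is not Sophos code: it parses the key=value log lines quoted in the question and groups warn/block entries by their `why` value. The function names and the `WHERE_TO_LOOK` hints are assumptions of this example; only the `override` meaning comes from the answer above.

```python
from collections import defaultdict

# Log lines copied from the thread above (URLs defanged as posted there).
SAMPLE_LOG = """\
2018-05-28T17:44:14.664Z action=block why=override threat=- fileclass=- category=- url=hxxp://www.realwebsiteaddresswouldgohere.com
2018-05-28T18:03:00.239Z action=warn why=category threat=- fileclass=- category=26 url=hxxp://sophostest.com/intolerance/index.html
2018-05-28T18:03:05.874Z action=block why=risk threat=Mal/HTMLGen-A fileclass=- category=19 url=hxxp://sophostest.com/malware/index.html
"""

# Where to investigate per "why" value. "override" comes from the answer in
# the thread; "category" and "risk" are this example's reading of the two
# sophostest.com sample lines (an assumption, not vendor documentation).
WHERE_TO_LOOK = {
    "override": "Website Exceptions list in the policy",
    "category": "policy action for the site category (category= field)",
    "risk": "threat detection on the site (threat= field)",
}

def parse_line(line):
    """Return one log line as a dict, or None if it is not in this format."""
    ts, _, rest = line.strip().partition(" ")
    # url= is the last field and may contain '=' itself, so split it off first.
    head, sep, url = rest.partition(" url=")
    if not sep:
        return None
    rec = {"ts": ts, "url": url}
    for token in head.split():
        key, eq, value = token.partition("=")
        if eq:
            rec[key] = None if value == "-" else value
    return rec

def triage(log_text):
    """Group warn/block entries by their 'why' value, with a pointer each."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec.get("action") not in ("block", "warn"):
            continue
        why = rec.get("why") or "unknown"
        rec["look_at"] = WHERE_TO_LOOK.get(why, "unrecognised reason")
        groups[why].append(rec)
    return dict(groups)

if __name__ == "__main__":
    for why, recs in triage(SAMPLE_LOG).items():
        for r in recs:
            print(f"{r['ts']} {r['action']} why={why} {r['url']} -> {r['look_at']}")
```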
