We have had a number of issues in recent months with the URL categorization functionality in the Web Appliance. Running two appliances, one on 4.2.1.1 and another on 4.2.1.3. Currently, URL categorization is technically working (test connects to the service), but a very large number of legit sites on the web are showing as Uncategorized. This includes sites like mcafee.com, office.com, citrix.com, etc.
This is a huge disruption to our business, as we block Uncategorized sites by default, given that lots of malware/C2 traffic leverages just-in-time sites that are spawned, then torn down days later. I've called Sophos support twice now, yesterday and this morning, and have yet to get an answer from their engineering team. Very disappointed with the issue, obviously, but also with the lack of availability of engineers to actually take a look at this problem.
Wondering if others are also experiencing this behavior? You can test by using "Test URL" in the web appliance dashboard and entering the sites I've already mentioned, and some of your own for testing.