False positives on web filter

How do you deal with a 'false positive' on a Sophos Web Appliance? I just had a user ring me and say they were blocked from <URL removed by Moderator-currently classified as malware site>. The reason on the block page was 'security risk'. I then did a policy test and it classified the site as a 'hacking' site. The site isn't a hacking site, it's a travel site.

What is the procedure to follow here? I added the site to the 'globally allowed sites' list, and reclassified it... but really, I had no way of knowing if the site has been somehow compromised. Is there a procedure similar to submitting spam samples where you can submit a website for reclassification/examination by Sophos?



This thread was automatically locked due to age.
  • Hi Doctor-Gerry,

    Websites classified as 'High Risk' and/or 'Hacking' have previously been identified as hosting malicious content.

    It's always possible that a seemingly legitimate website could be compromised now or in the past. So, before allowing the website yourself, I would definitely recommend contacting Sophos Support. They will get SophosLabs to investigate the site and will categorize it ASAP if there is any mistake.

    Hope this helps,

    Tom.
