Handling mis-classified websites

Unanswered Question
Mar 3rd, 2009

I have an IronPort S160. The website of one of our field offices has been classified as malware by the appliance. I clicked on the Report Misclassification button. What is the process now? How do I monitor the progress of the re-classification?

In the meantime, I'd like to allow that website. I tried adding it to the Allow List under Web Security Manager, L4 Traffic Monitor, but that doesn't seem to do the trick. Is there another place I need to allow it?

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jowolfer Wed, 03/04/2009 - 16:57


This depends on what resource is incorrect. For example, this could be a URL category, L4TM, or Webroot mistake.

Have you determined that this is an L4TM block? Or is this a proxy block? If it's a proxy block, please include the accesslog line that shows the block.

roffill_ironport Wed, 03/04/2009 - 20:39

Hi Josh,

Well, in a short time the site has been re-classified as Philantropic and Professional Orgs which is what it is, so that is great. I also discovered Policy Trace under System Administration that helps show what policy may be involved in blocking a particular site.

We've been asked to block Personal/Dating URL category, but allow Facebook through as an exception. Where would I go to do this?



jowolfer Thu, 03/05/2009 - 16:34


All you have to do is create a custom category that has facebook in it (facebook.com, .facebook.com).

In the access policy, set Personal/Dating to block and this new custom category to allow.

Custom categories always take precedence over standard categories.

christopherhudel Tue, 11/27/2012 - 15:50


To the original poster's question - what is the way to check the status on a "Report Misclassification" button-press and what is the typical turnaround time to resolution?



This Discussion