Handling mis-classified websites

I have an IronPort S160. The website of one of our field offices has been classified as malware by the appliance. I clicked on the Report Misclassification button. What is the process now? How do I monitor the progress of the re-classification?

In the meantime, I'd like to allow that website. I tried adding it to the Allow List under Web Security Manager, L4 Traffic Monitor, but that doesn't seem to do the trick. Is there another place I need to allow it?

Thank you,

Richard

5 Replies

jowolfer
Level 1

Richard,

This depends on what resource is incorrect. For example, this could be a URL category, L4TM, or Webroot mistake.

Have you determined that this is an L4TM block? Or is this a proxy block? If it's a proxy block, please include the accesslog line that shows the block.

Hi Josh,

Well, in a short time the site has been re-classified as Philanthropic and Professional Orgs, which is what it is, so that is great. I also discovered Policy Trace under System Administration that helps show what policy may be involved in blocking a particular site.

We've been asked to block Personal/Dating URL category, but allow Facebook through as an exception. Where would I go to do this?

Thanks,

Richard

jowolfer
Level 1

Richard,

All you have to do is create a custom category that has facebook in it (facebook.com, .facebook.com).

In the access policy, set Personal/Dating to block and this new custom category to allow.

Custom categories always take precedence over standard categories.

Josh
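
The rule in the reply above, as a simplified model added here for illustration (not Cisco's code and not part of the original replies). It assumes a leading-dot entry such as `.facebook.com` matches subdomains only while `facebook.com` matches the exact host; the category name `Allow-Facebook`, the default action and the sample hosts are constructed.

```python
# Simplified model of "custom categories take precedence over standard ones".
# Assumption: ".facebook.com" matches subdomains only, "facebook.com" matches
# the exact host, which is why the reply lists both entries.

CUSTOM_CATEGORIES = {"Allow-Facebook": ["facebook.com", ".facebook.com"]}  # hypothetical name
CUSTOM_ACTIONS = {"Allow-Facebook": "allow"}
STANDARD_ACTIONS = {"Personal/Dating": "block"}
DEFAULT_ACTION = "monitor"  # constructed default for categories with no rule


def entry_matches(entry, host):
    """Return True if a custom-category entry covers the requested host."""
    host = host.lower().rstrip(".")
    entry = entry.lower()
    if entry.startswith("."):
        # Subdomain match on a label boundary: www.facebook.com yes,
        # notfacebook.com no, bare facebook.com no.
        return host.endswith(entry) and len(host) > len(entry)
    return host == entry


def custom_category(host):
    """Name of the first custom category containing the host, or None."""
    for name, entries in CUSTOM_CATEGORIES.items():
        if any(entry_matches(e, host) for e in entries):
            return name
    return None


def decide(host, standard_category):
    """Check custom categories first; fall back to the standard category."""
    name = custom_category(host)
    if name is not None:
        return CUSTOM_ACTIONS[name], name
    return STANDARD_ACTIONS.get(standard_category, DEFAULT_ACTION), standard_category


if __name__ == "__main__":
    # Constructed requests: (host, standard category assigned to it)
    samples = [
        ("facebook.com", "Personal/Dating"),
        ("www.facebook.com", "Personal/Dating"),
        ("notfacebook.com", "Personal/Dating"),
        ("facebook.com.example.net", "Personal/Dating"),
    ]
    for host, category in samples:
        print(host, "->", decide(host, category))
```

The last two sample hosts stay blocked: the exception covers only the exact host and its true subdomains, not lookalike names that merely contain the string.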

That worked great. Thanks!

Richard

Hi,


To the original poster's question - what is the way to check the status on a "Report Misclassification" button-press and what is the typical turnaround time to resolution?

Thanks,