03-03-2009 07:50 PM
I have an IronPort S160. The website of one of our field offices has been classified as malware by the appliance. I clicked on the Report Misclassification button. What is the process now? How do I monitor the progress of the re-classification?
In the meantime, I'd like to allow that website. I tried adding it to the Allow List under Web Security Manager, L4 Traffic Monitor, but that doesn't seem to do the trick. Is there another place I need to allow it?
Thank you,
Richard
03-04-2009 04:57 PM
Richard,
This depends on what resource is incorrect. For example, this could be a URL category, L4TM, or Webroot mistake.
Have you determined that this is an L4TM block? Or is this a proxy block? If it's a proxy block, please include the accesslog line that shows the block.
03-04-2009 08:39 PM
Hi Josh,
Well, in a short time the site has been re-classified as Philantropic and Professional Orgs which is what it is, so that is great. I also discovered Policy Trace under System Administration that helps show what policy may be involved in blocking a particular site.
We've been asked to block Personal/Dating URL category, but allow Facebook through as an exception. Where would I go to do this?
Thanks,
Richard
03-05-2009 04:34 PM
Richard,
All you have to do is create a custom category that has facebook in it (facebook.com, .facebook.com).
In the access policy, set Personal/Dating to block and this new custom category to allow.
Custom categories always take precedence over standard categories.
03-05-2009 04:58 PM
Josh
That worked great. Thanks!
Richard
11-27-2012 03:50 PM
Hi,
To the original poster's question - what is the way to check the status on a "Report Misclassification" button-press and what is the typical turnaround time to resolution?
Thanks,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide