MSN images seen as malware

tahscolony
Level 1

This morning, the MSN home page was coming up with a lot of blocked images, so I did some logging and discovered they are blocked as malware.

1446222221.754 0 192.168.43.26 TCP_DENIED/403 0 GET http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBmxxvL.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1034&y=894 "" NONE/- - BLOCK_WBRS_12-ITPolicy-_Identity-NONE-NONE-NONE-NONE <IW_infr,-8.7,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"-","othermalware","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> - "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"

Anyone else seeing this today?

1 Accepted Solution

Handy Putra
Cisco Employee

The reputation score for domain akamaized.net has now been improved to -3.0 (neutral zone) and should be accessible.

Make sure your WBRS incremental updates are getting the most up-to-date versions (today's date).

For example:

Web Reputation IP Filters: 1446264987 (Sat Oct 31 15:21:37 2015)
Web Reputation Rules: 1443476456 (Mon Oct 26 17:23:25 2015)
Web Reputation Prefix Filters: 1446264971 (Sat Oct 31 15:21:37 2015)
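
To check which hosts are still being denied by web reputation after an update, the access log can be summarised per host. The following is an added example, not part of the original thread: it assumes the standard WSA access log layout, where the ACL decision tag is the token before the angle-bracket block and that block starts with the URL category followed by the WBRS score. The function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# First entry is the line quoted in the thread; the other two are constructed
# (the second has a shortened verdict block, the third is deliberately malformed).
SAMPLE = [
    '1446222221.754 0 192.168.43.26 TCP_DENIED/403 0 GET http://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBmxxvL.img?h=368&w=622&m=6&q=60&u=t&o=t&l=f&f=jpg&x=1034&y=894 "" NONE/- - BLOCK_WBRS_12-ITPolicy-_Identity-NONE-NONE-NONE-NONE <IW_infr,-8.7,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_infr,-,"-","othermalware","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> - "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"',
    '1446222230.101 120 192.168.43.26 TCP_MISS/200 5120 GET http://www.example.com/ "" DIRECT/www.example.com text/html DEFAULT_CASE_12-ITPolicy-_Identity-NONE-NONE-NONE-NONE <IW_comp,5.2,-,"-"> - "Mozilla/5.0"',
    'not an access log line',
]

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    head, sep, rest = line.partition(" <")
    tok = head.split()
    if not sep or len(tok) < 8 or "/" not in tok[3]:
        return None
    verdict = rest.split(">", 1)[0].split(",")
    try:
        score = float(verdict[1])        # second verdict field: WBRS score
    except (IndexError, ValueError):
        score = None                     # no numeric score in this entry
    return {
        "time": tok[0], "client": tok[2], "result": tok[3],
        "host": urlsplit(tok[6]).hostname,
        "decision": tok[-1],             # ACL decision tag, e.g. BLOCK_WBRS_12-...
        "category": verdict[0], "wbrs": score,
    }

def wbrs_blocks_by_host(lines):
    """Map host -> [block count, lowest score seen] for requests denied by WBRS."""
    out = defaultdict(lambda: [0, None])
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["decision"].startswith("BLOCK_WBRS"):
            continue
        entry = out[rec["host"]]
        entry[0] += 1
        if rec["wbrs"] is not None and (entry[1] is None or rec["wbrs"] < entry[1]):
            entry[1] = rec["wbrs"]
    return dict(out)

if __name__ == "__main__":
    for host, (count, lowest) in wbrs_blocks_by_host(SAMPLE).items():
        print(f"{host}: {count} WBRS block(s), lowest score {lowest}")
```

Hosts that keep appearing here after the reputation components show a current timestamp are the ones worth raising as false positives.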

3 Replies

This did eventually clear up once the WSA ran an update. 

We have this exact same problem (just started this week), but we use SourceFire/FirePOWER, not CX. Does anyone know the status of an update for this product?