Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2648
Views
0
Helpful
4
Replies

Why WSA judge www.taobao.com is malware website?

Go to solution
360rundll
Level 1
Level 1

‎05-13-2016 12:38 AM - edited ‎03-08-2019 05:39 PM

Hi  all,

                     Why WSA judge www.taobao.com is malware website?  It is a very famous, well-known website in China! It is a third-party sales platform. This site is not invasion. It It Waiting for vender standard answer. And can I submit false positive website to Cisco so that it can be correct in WSA, in WSA, in WSA ? I don't mean to add an exception but for manufacturer to correct itself. Of course, I add an exception for www.taobao.com for the moment. But I want to know the reason and how to solve it expect for exception. Once again,  can I submit false positive website to Cisco so that it can be correct in WSA, in WSA, in WSA ? Thanks!

Labels:
Preview file
27 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎05-14-2016 07:24 PM

Right now URL www.taobao.com has been improved to -5.80 which falls under neutral zone and should be allowed by the appliance if you have the reputation score in default setting

-10 to -6 block

-5.9 to 5.9 monitor/scan

6 to 10 allow.

If you require to submit for false positive, you can do so by going to below link and enter the URL and request it to be non-malicious:

https://securityhub.cisco.com/web/submit_reputation_urls

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-14-2016 12:22 AM

Sometimes it can be caused by advertising on the site that has malware rather than the site itself - but that is still sufficient for users to get infected.

I bet it will get resolved soon.

0 Helpful

Go to solution
Handy Putra
Cisco Employee
Cisco Employee

‎05-14-2016 07:24 PM

Right now URL www.taobao.com has been improved to -5.80 which falls under neutral zone and should be allowed by the appliance if you have the reputation score in default setting

-10 to -6 block

-5.9 to 5.9 monitor/scan

6 to 10 allow.

If you require to submit for false positive, you can do so by going to below link and enter the URL and request it to be non-malicious:

https://securityhub.cisco.com/web/submit_reputation_urls

0 Helpful

Go to solution
360rundll
Level 1
Level 1
In response to Handy Putra

‎05-15-2016 12:35 AM

Dear Handy,

           

              Can I submit false positive diretly in WSA but though another special website? And can you tell me the reason for this false positive ? Thanks!

0 Helpful

Go to solution
Handy Putra
Cisco Employee
Cisco Employee
In response to 360rundll

‎05-15-2016 05:41 PM

You can only submit false positive using 2 ways:

1. Submit directly from the customer facing portal:

https://securityhub.cisco.com/web/submit_reputation_urls

2. Or open a case with TAC

The reason it was scoring low before that our threat analysts discovered that the domain has one or more URLs associated with it that have been reported to contain content served up as ads, malware, spyware, etc

0 Helpful
Customers Also Viewed These Support Documents