05-13-2016 12:38 AM - edited 03-08-2019 05:39 PM
Hi all,
Why does WSA judge www.taobao.com to be a malware website? It is a very famous, well-known website in China! It is a third-party sales platform. This site is not invasion. Waiting for the vendor's standard answer. And can I submit a false positive website to Cisco so that it can be corrected in WSA? I don't mean to add an exception, but for the manufacturer to correct it itself. Of course, I have added an exception for www.taobao.com for the moment. But I want to know the reason and how to solve it other than with an exception. Once again, can I submit a false positive website to Cisco so that it can be corrected in WSA? Thanks!
05-14-2016 07:24 PM
Right now the URL www.taobao.com has improved to -5.80, which falls in the neutral zone and should be allowed by the appliance if you have the reputation score at the default setting:
-10 to -6 block
-5.9 to 5.9 monitor/scan
6 to 10 allow.
If you need to submit a false positive, you can do so by going to the link below, entering the URL and requesting that it be marked non-malicious:
https://securityhub.cisco.com/web/submit_reputation_urls
05-14-2016 12:22 AM
Sometimes it can be caused by advertising on the site that has malware rather than the site itself - but that is still sufficient for users to get infected.
I bet it will get resolved soon.
05-15-2016 12:35 AM
Dear Handy,
Can I submit a false positive directly in WSA, but not through another special website? And can you tell me the reason for this false positive? Thanks!
05-15-2016 05:41 PM
You can only submit a false positive in 2 ways:
1. Submit directly from the customer facing portal:
https://securityhub.cisco.com/web/submit_reputation_urls
2. Or open a case with TAC
The reason it was scoring low before is that our threat analysts discovered that the domain has one or more URLs associated with it that have been reported to contain content served up as ads, malware, spyware, etc.