ACCOUNT_TAKEOVER outgoing content filter upgrade issue with hyperlinks

atnna
Level 1

Hi all, 

I am upgrading the default ACCOUNT TAKEOVER rule in outgoing content filters and I stumbled on a problem.

The end goal is to set up a rule in a way that the recipient receives a redirected URL over a secure Cisco proxy.

The issue itself is not in outgoing mail flow but when/if the recipient replies to the email.

E.g. if the email contains <a href="malicious link">"malicious link"</a>, the URL reputation action will redirect and result in the link now looking like <a href="redirected malicious link">"malicious link"</a>. The recipient is protected, but if the recipient replies to such an email the incoming content filters will again quarantine the email because CISCO will recognize <a href="redirected malicious link">"malicious link"</a> as malicious. We do have a bypass_list set up for incoming filters that start with "secure-web.cisco.com".

I do not see how this can be avoided or filtered. The redirected links to secure proxy were filtered but CISCO keeps identifying the displayed text as a malicious link even if the redirected link is behind it.

I did try to solve this using the "defang" and "replace with text message" (on outgoing content filters) options but the end result is the same - the reply is quarantined. 

Does anyone have an idea how this could be resolved?

BR
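
A way to check which part of a quoted reply still carries the original URL after the href has been rewritten, as an added example that is not part of the original post and is not Cisco's implementation. It assumes a simplified scanner model that looks at both href attributes and visible text; the proxy path layout and `bad.example` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host the post says is on the incoming bypass list.
BYPASS_HOSTS = {"secure-web.cisco.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

class UrlLocations(HTMLParser):
    """Record every URL in a body together with where it was found."""
    def __init__(self):
        super().__init__()
        self.found = []  # list of (location, url)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.found.append(("href", value))

    def handle_data(self, data):
        # Visible text, including link labels and plain-text quoting.
        for url in URL_RE.findall(data):
            self.found.append(("text", url))

def urls_outside_bypass(body):
    """Return (location, url) pairs whose host is not on the bypass list."""
    parser = UrlLocations()
    parser.feed(body)
    parser.close()
    return [(loc, url) for loc, url in parser.found
            if (urlsplit(url).hostname or "") not in BYPASS_HOSTS]

# Constructed sample: quoted reply body after outgoing rewriting. The proxy
# path layout and bad.example are placeholders, not real product output.
REPLY_BODY = (
    '<blockquote><a href="https://secure-web.cisco.com/PLACEHOLDER/'
    'http%3A%2F%2Fbad.example%2Flogin">http://bad.example/login</a>'
    '</blockquote>'
)

if __name__ == "__main__":
    for loc, url in urls_outside_bypass(REPLY_BODY):
        print(f"{loc}: {url}")
```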