Firepower blocking Microsoft.com?
09-30-2019 10:38 AM - edited 09-30-2019 11:56 AM
Security Intelligence Events shows https://www.microsoft.com as being URL blocked and classified under Security Intelligence Category as "URL Malware."
Is Firepower's Collective Security Intelligence (CSI) URL blocking Microsoft.com?
09-30-2019 11:37 AM
Having this problem as well.
09-30-2019 12:00 PM
I have this issue as well. Removing URL Malware from my URL filtering policy has made it work. I previously tried whitelisting the URL (HTTP/S) and, while that adds the URL into my whitelist, it does not supersede the URL Malware list.
Frustrating.
09-30-2019 12:09 PM
I was able to get it to work by right-clicking on the URL in Connections > Security Intelligence Events and then clicking "Whitelist HTTP/S Connections to Domain Now" and "Whitelist HTTP/S Connections to URL Now."
09-30-2019 12:42 PM
Interesting. I tried that as well and it did not work. Did it require you to deploy once you added them to the whitelists?
09-30-2019 12:46 PM
No, I did not have to deploy.
10-04-2019 12:07 PM
Interesting... I'm seeing this same thing as well for a handful of IPs on my internal LAN, but I can browse to https://www.microsoft.com without issue. Haven't heard any complaints from any end users yet.
**Side note** Has anyone here seen an increase in "URL Malware" URL Blocks to https://mv-s2s-dev.ngrok.io?
I've seen this URL being blocked daily since about the 5th of September. Google doesn't reveal much about it. It triggers IOCs on some of our hosts every day.
10-05-2019 08:45 AM
You can 'Trust' microsoft.com; this should take care of it. Alternatively, you can also add it to the whitelist from the event log; deploy policy after you do that, to be sure.
