cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3272
Views
0
Helpful
7
Replies

Firepower blocking Microsoft.com?

roundearther
Level 1
Level 1

Security Intelligence Events shows https://www.microsoft.com as being URL blocked and classified under Security Intelligence Category as "URL Malware."

 

Is Firepower's Collective Security Intelligence (CSI) URL blocking Microsoft.com?

7 Replies 7

CACorpITOps
Level 1
Level 1

Having this problem as well.

Jeff Sterck
Level 1
Level 1

I have this issue as well.  Removing URL Malware from my URL filtering policy has made it work.  I previously tried whitelisting the URL (HTTP/S) and, while that adds the URL into my whitelist, it does not supersede the URL Malware list.

 

Frustrating.

I was able to get it to work by right-clicking on the URL in Connections > Security Intelligence Events and then clicking "Whitelist HTTP/S Connections to Domain Now" and "Whitelist HTTP/S Connections to URL Now."

Interesting.  I tried that as well and it did not work.  Did it require you to deploy once you added them to the whitelists?

 

No, I did not have to deploy.

-Sparrow-
Level 1
Level 1

Interesting... I'm seeing this same thing as well for a handful of IP's on my internal LAN, but I can browse to https://www.microsoft.com without issue.  Haven't heard any complaints from any end users yet. 

 

** Side note** Has anyone here seen an increase in "URL Malware" URL Blocks to https://mv-s2s-dev.ngrok.io?

I've seen this URL being blocked daily since about the 5th of September.  Google doesn't reveal much about it.  It triggers IOC's on some of our hosts every day.

Firepowered
Level 1
Level 1

You can 'Trust' microsoft.com, this should take care of it. Alternatively you can also add it to whitelist from the event log, deploy policy after you do that, to be sure.

 

 

Review Cisco Networking for a $25 gift card