False postive link

ApsDelivery · ‎05-22-2019

Hi.

We are a Scandinavian ESP, and one of our customers (a large Scandinavian bank) are having issues with links in their mails being classed as "dangerous" by secure-web.sco.cisco.com / sandbox.secure-web.sco.cisco.com. The link in question is a tracking link (on http, if that matters) which redirects to our customers link (a PDF on https).

I can not find any information that explains why Cisco think either of these are dangerous, and no information anywhere on how to report false positives. None of the domains involved have reputation issues, and they are neutral in Talos.

Any suggestions? Can we do anything, or does the end user / recipient (the one using this Cisco secure-web) have to whitelist or open a ticket, or something like that?

Thanks in advance.

Ken Stieers · ‎05-22-2019

You can file a reputation dispute on talosintelligence.com

ApsDelivery · ‎05-22-2019

Thanks for the reply. However, since the reputation is neutral, I don't think this is something I could or should dispute? Unless this is actually a bad thing and what causes the link to be blocked?

shgrover · ‎07-19-2019

Hello Apsdelivery,

I would request you to please open a case with us and share the access logs or any other information.

If the URL is being detected , there has to be something OR at the very least , we will find it to be a False positive. In any scenario, we will find the reason. once you open a case with us, we can start on the investigations.

Regards

Shikha Grover

****Rate Helpful answers*****