05-22-2019 02:21 AM
Hi.
We are a Scandinavian ESP, and one of our customers (a large Scandinavian bank) are having issues with links in their mails being classed as "dangerous" by secure-web.sco.cisco.com / sandbox.secure-web.sco.cisco.com. The link in question is a tracking link (on http, if that matters) which redirects to our customers link (a PDF on https).
I can not find any information that explains why Cisco think either of these are dangerous, and no information anywhere on how to report false positives. None of the domains involved have reputation issues, and they are neutral in Talos.
Any suggestions? Can we do anything, or does the end user / recipient (the one using this Cisco secure-web) have to whitelist or open a ticket, or something like that?
Thanks in advance.
05-22-2019 03:42 AM
05-22-2019 04:01 AM
Thanks for the reply. However, since the reputation is neutral, I don't think this is something I could or should dispute? Unless this is actually a bad thing and what causes the link to be blocked?
07-19-2019 08:11 AM
Hello Apsdelivery,
I would request you to please open a case with us and share the access logs or any other information.
If the URL is being detected , there has to be something OR at the very least , we will find it to be a False positive. In any scenario, we will find the reason. once you open a case with us, we can start on the investigations.
Regards
Shikha Grover
****Rate Helpful answers*****
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: