cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
380
Views
0
Helpful
3
Replies
Highlighted
Beginner

False postive link

Hi.

 

We are a Scandinavian ESP, and one of our customers (a large Scandinavian bank) are having issues with links in their mails being classed as "dangerous" by secure-web.sco.cisco.com / sandbox.secure-web.sco.cisco.com. The link in question is a tracking link (on http, if that matters) which redirects to our customers link (a PDF on https).

 

I can not find any information that explains why Cisco think either of these are dangerous, and no information anywhere on how to report false positives. None of the domains involved have reputation issues, and they are neutral in Talos. 

 

Any suggestions? Can we do anything, or does the end user / recipient (the one using this Cisco secure-web) have to whitelist or open a ticket, or something like that?

 

Thanks in advance.

3 REPLIES 3
Highlighted
Engager

Re: False postive link

You can file a reputation dispute on talosintelligence.com
Highlighted
Beginner

Re: False postive link

Thanks for the reply. However, since the reputation is neutral, I don't think this is something I could or should dispute? Unless this is actually a bad thing and what causes the link to be blocked?

Highlighted
Cisco Employee

Re: False postive link

Hello Apsdelivery,

 

I would request you to please open a case with us and share the access logs or any other information.

 

If the URL is being detected , there has to be something OR at the very least , we will find it to be a False positive. In any scenario, we will find the reason. once you open a case with us, we can start on the investigations.

 

Regards

Shikha Grover

****Rate Helpful answers*****