Solved: Re: Problem with Reputation Dispute Ticket

RalphSlate6341 · ‎08-26-2019

Hello, I discovered that my domain, which has been around for over 20 years and has a high industry reputation (one of the top 100 websites in Canada), was recently marked as "Poor" by Talos Intelligence. I opened up a Reputation Dispute Ticket on August 20. On August 22, this ticket was marked as RESOLVED_CLOSED, with a Resolution of FIXED_FP. No further information was given, but the reputation was not changed.

I tried entering another ticket, but it got immediately closed as DUPLICATE.

I spent over 2.5 hours on the phone with Cisco support this morning, but basically no one at Cisco knows about this situation. I'm hoping that someone here can assist me in what steps I should take next to resolve this.

Thanks,

Ralph

Handy Putra · ‎08-26-2019

Hi,

The reputation score was based on automatic sensors that we have around the globe, the automatic sensors pick up based on multiple factors such as content of the site, body, links, etc.

If the automatic sensors picks up there is potential malicious code, etc, it will automatically reduce the scoring.

To see the actual reputation score, if you have WSA appliance, you can see the score from the access logs of the transactions.

Regarding to the FIXED_FP could means that the Talos team has fixed the dispute and it is actually false positive.

Regards

Handy Putra

View solution in original post

Handy Putra · ‎08-26-2019

Hi Ralph,

If you dont mind can i get the domain or the web site that you are referring to for me to check and see what can be done.

Regards

Handy Putra

RalphSlate6341 · ‎08-26-2019

Thank you! The site is www.hockeydb.com.

Handy Putra · ‎08-26-2019

Hi,

www.hockeydb.com, is consider as neutral reputation at the moment (got rectified during weekend).

Regards,

Handy Putra

RalphSlate6341 · ‎08-26-2019

Thank you. Do you have any tips as to why it was set to Poor, so that I can avoid this happening again? I put in the original ticket on 8/20, on 8/21 it went back to Neutral, but on 8/22 it went back to Poor - so I expect it could happen again.

Is there any way for me to see the actual score (from 10 to -10)? If i'm on the cusp, it seems like maybe I could cycle in and out.

Can you explain what status FIXED_FP means?

Thanks!

Handy Putra · ‎08-26-2019

Hi,

The reputation score was based on automatic sensors that we have around the globe, the automatic sensors pick up based on multiple factors such as content of the site, body, links, etc.

If the automatic sensors picks up there is potential malicious code, etc, it will automatically reduce the scoring.

To see the actual reputation score, if you have WSA appliance, you can see the score from the access logs of the transactions.

Regarding to the FIXED_FP could means that the Talos team has fixed the dispute and it is actually false positive.

Regards

Handy Putra

RalphSlate6341 · ‎08-27-2019

Thank you, that is great information, especially regarding the FIXED_FP.

I think there may be a hole in Talos' process though. Now that I understand that status, it seems like this is what happened:

1) My site got flagged for some reason.

2) I entered a dispute ticket.

3) Talos reviewed the ticket, and correctly changed the status back to Neutral, with the status of FIXED_FP (false positive).

4) The site got flagged again.

5) The dispute system did not allow me to enter a second ticket - it auto-closed those as DUPLICATE.

This made it impossible for me to re-address the situation. I had no avenue of recourse.

Thanks,

Ralph

Handy Putra · ‎08-27-2019

Yup, I think that was the case for you when disputing with Talos.

I will give feedback to the Talos team on this :-)

Regards

Handy Putra

RalphSlate6341 · ‎08-28-2019

Thank you for passing that along!

Ralph