How do I get a website's risk level lowered, since we know it is safe?


L0 Member

Earlier this week, I submitted a website that was blocked because it was categorized as malware incorrectly.  This was corrected very quickly. Now that same website is blocked because it is listed as "high risk".  We know that it is not. When I tried to use the same method to change the category, the message tells me I need to contact support to fix this. The problem is that if I use the customer support portal, I cannot accurately report the problem, and am required to fill out information that does not apply. I tried to call, and the call tree refuses to connect me to a live person, because I do not have a support ticket, and disconnects the call. 

How do I get a website changed from "high risk" to a more acceptable level?

We are using a Palo PA-850

Thank you

4 REPLIES

Cyber Elite

@lloving,

If it's something that you've deemed safe then override it so your users can access that site. This category can't be modified via request and isn't something that is recommended to be blocked (however a lot of people do). The criteria for high-risk is the following:

  • Sites previously confirmed to be malware, phishing, or C2 sites that have displayed only benign activity for at least 30 days.
  • Unknown domains are classified as high-risk until PAN-DB completes site analysis and categorization.
  • Sites that are associated with confirmed malicious activity. For example, a page might be high-risk if there are malicious hosts on the same domain, even if the page itself does not contain malicious content.
  • Bulletproof ISP-hosted sites.
  • Sites hosted on IPs from ASNs that are known to allow malicious content.

 

It's possible that the activity that PAN recorded simply cleared since your manual review, but they still have malicious activity recorded. Contacting support wouldn't have them clear the high-risk categorization; it would simply lead to them walking you through making an exception.

L0 Member

Is there any way to know what the trigger was? The website is https://mthf.org/resource/2024-medicaid-in-montana/

Hi Lloving,

I found your post because my website was flagged as malicious, similarly to the one you're having trouble accessing.  In another post I found this link for the owner of the website to use to request a change; it's what I need to solve my issue, and maybe the owner of MTHF can submit their website for reevaluation as well.
https://urlfiltering.paloaltonetworks.com/

Thank you @Goofball! I will pass that on, to see if they will do it.

 
