spyware and adware incorrect category

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

spyware and adware incorrect category

Not applicable

Its been a long day so might be being daft but i have the following issue.

as you can see googleapis.com and translate.google.com maps.google.com are being listed as spyware and adware coming from the brightcloud list. I have requested for this to be modified but they came back today saying it was in the correct category (computers and information) they also suggested upgrading to 4.287 but cant see this being changed in their change log. we are currently on 4.286

am i the only one with this issue?

5 REPLIES 5

L5 Sessionator

Hi d.ballam,

BrightCloud did have an issue about a month ago where googleapis.com was miscategorized as spyware and adware.  However, this was fixed, and I have also confirmed that these sites are categorized correctly today.  Given that you are still seeing the wrong category on your device, you may still have the old category saved in your device cache.  Can you try using the CLI command "clear url-cache all" to purge your cache and try again?

--Doris

tried that still in the wrong category

Hi d.ballam,

Just wanted to be sure that you tried going to the site again.  Any existing logs will still show the category logged at the time, but any new traffic to the URLs in question should generate new logs that reflect the new category. 

--Doris

hey @d.ballam I was having a lot of issues with URLs being listed incorrect in our PAN Firewalls as well.

https://live.paloaltonetworks.com/message/27982#27982


dyang was a big help in that link above.

dyang1.jpg

dynamic2.jpg

Make sure you have the dynamic URL filtering option selected. We have our URL Cache to hold for 8 hours, I believe, but URLs were still being listed as incorrect way past that until I changed all my URL filters to have this option checked.

Also ipconfig /flushdns, firewall might have correct entries but PC could need flushed.

I've seen malware call out to look-a-like/fake google websites. Things like googleapi.ru, or googleruapi.com, etc.

BrightCloud has been really disappointing the past year for my team. We are counting down the days until the license ends so we can use PAN-DB. Every single time we have an incorrect BrightCloud URL, we check it in PAN, and 99% of the time PAN-DB is correct, when BrightCloud is wrong.

In the cli don't forget to run:

clear url-cache all

then you might see sites classified correctly.

I'm not too happy with brightcloud myself. I have submitted changes and sometimes it takes forever for them to assign them the correct categorization and they miss some obvious sites.

However, tech support suggested we stick to brightcloud instead of the PAN-DB because it is much better, but as of 6.1 there are features that use PAN-DB like:

"PAN-DB can now categorize content down to the page level instead of just at the directory level. Because the pages within a domain can be long to multiple categories, this capability

provides increased accuracy in filtering content and prevents potential over-blocking of web content."

I read somewhere that DNS sinkholing requres PAN-DB.

Larry

  • 6690 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!