02-26-2014 07:03 AM
When a URL is categorized as malware by PAN-DB, I can't find the reasons for such a decision.
Why has it been categorized as malware?
Is there any way to know more about such decision?
I will be grateful if you can explain this decision to me.
G.A.
02-26-2014 09:04 AM
Hello G.A,
We have an internal process which is done by our URL filtering team to categorize a particular URL.
There might be known malware on the site itself, which is manually viewed by the URL filtering team and classified in the malware category.
If you can provide me the URL in question I can check with our URL filtering team about the categorization.
Regards,
Jahnavi
02-26-2014 09:11 AM
Hi G.A.,
When our threat prevention team analyzes malware samples, it takes note of where the malware was hosted and what it was attempting to connect to. This helps us gather information about what is infected and any possible related hosts, C&C, etc. As Jahnavi mentioned above, if a URL/IP is categorized as malware in PAN-DB, it does not necessarily mean that the URL/IP in question is hosting malware, but it could be part of a network associated with a specific malicious attack. If you suspect that a URL/IP has been miscategorized as malware, you can always request a change via our PAN-DB site: Palo Alto Networks URL Filtering - Test A Site. Feel free to add your comments in your submission, and the team will take a look.
Hope this helps,
Doris
02-27-2014 02:57 AM
Hello Doris,
I've already asked for a category change for a few sites marked as "malware".
Sometimes the PAN team changes it as I suggested, other times the new category is still "malware" and I have no clue about such a decision.
There is no report of the decision, so we can't tell the owner (or the user) of the site "there is a security problem because of..." or "fix this item..."
Therefore, I have to "whitelist" the URL in order to let the user visit those sites (AFAIK not malware).
It would be nice if the URL filtering team could provide a little report when the change request is still malware...
Many thanks for considering my request.
G.A.
02-27-2014 12:10 PM
Hi G.A.,
While we do have the information on why a particular URL/IP has been categorized as malware, it is not something that we are currently able to include in our automated email responses for change requests. This integration is something that we're working on so that we can help provide more detail and context to our customers. In the meantime, if you would like more information, please feel free to forward your question through your SE, or you can always submit your questions via the comments section in a submission.
Thanks,
Doris
02-28-2014 02:36 AM
Thanks for your help!
G.A.