Removal from high-risk due to false positive


L1 Bithead

Hi,

 

Our website, electask.com, was recently cleared of a false positive by CDRF and now has 0/90 vendors on VirusTotal flagging us as malicious. Can you please reduce our risk level?

 

https://www.virustotal.com/gui/url/8e1462a33ee7402dd3c3168239d3fe50cb0f5a8fc85527043398cf64e1dc3801?...

 

Best,

 

Max


L5 Sessionator

This is not the place for these types of requests.  This is for files and for non-customers to request a verdict change for their files.

The reason you are seeing a high risk by Palo Alto Networks is due to this URL being deemed malware:

electask[.]com/k56b


You can do a Request Change here:
https://urlfiltering.paloaltonetworks.com/

We will then do a manual review of the URL.  

Thank you. https://www.electask.com/k56b just directs to a 404. I'll submit a review.

Hi Dabone,

 

When I submit a request it gives me the following message: 

"If you are trying to change the Risk rating, this cannot be done via Change Request. If the Risk rating is incorrect, please contact support."
 
Before this forum, I've tried half a dozen times to contact support via phone, chat, and submitting on the website but have been unable to reach anyone. Do you have any advice?

Are you a Palo Alto customer?  If so, open a TAC case.  If not, you can do the Request Change, and if it is changed, the Risk level will be lowered after ~30 days. 

I am not a customer. Is there any way to get it faster than 30 days? Our customers use PANW and it’s impacting our business.

L5 Sessionator

Hello,
I have engaged our internal PANDB team to review this issue. 
Here is a link to the ticket for reference.  This is not a public facing domain.  This is for reference for those that can assist with any updates. This could take a couple of working days for a response. 
PDE-2806 

You're awesome. Thank you very much for the help!

Hi DaBone,

 

I'm still seeing us as "high-risk." Is there any update on your end? Thank you again very much for looking into this.

 

Best,

 

Max

L4 Transporter

I inquired from the engineers about the progress on this issue.

Here is the response from our internal engineering team.

This domain was released as high-risk on 10/12/2023 as we observed the malicious child URL electask[.]com/k56b (VT 7 hits) on the same day. Our standard policy is to re-evaluate the risk level 30 days after the last release (i.e. 11/12/2023) and lower the risk if the malicious URL(s) are no longer present. However, I manually analyzed the domain and since the malicious URL is cleaned now, we lowered the risk to low-risk now. 

==========

electask.com is now Low Risk 

 

You all are awesome! Thank you so much!

 

Max

You're very welcome; we are happy to help.
