Received outbound spyware false positive verdict
Article ID: 171034
Updated On:
Products
Issue/Introduction
When navigating to a trusted website you receive an error message:
"Outbound Spyware Your request was denied because it may represent a privacy or security breach. Tech support information: outbound_spyware"
Environment
Cloud SWG
Cause
Symantec has categorized the site as "Outbound Spyware"
-
Check the website for multiple IP listings: https://www.ssllabs.com/ssltest/
-
Some websites have multiple IP addresses associated with their website. You would need to check all of these to make sure they are able to pass your policy restrictions in order to reach that website.
-
-
Test the website IP at www.virustotal.com
-
Noting if the website has been reported as being unsafe with potential viruses.
-
Resolution
Submit the site for review with Symantec.
- Submit recommendations to the Site Review team for changes to the category
- The Site Review Team will review the recommendations and respond to you with their findings
- Typical turn around time is 24-hours
Check with your security team and decide if the risk should be allowed. If so, add the site to trusted destinations.
To add traffic to Trusted Destinations:
1. Navigate to the Cloud SWG portal
2. Select Policy from the left-hand menu
3. Select Threat Protection
4. Select Trusted Destinations (G2 rule)
5. Select traffic from the available list and select add OR Select "New" to define a new IP, domain, etc.
6. Click Save
7. Be sure to click "Activate Policy" to ensure that the changes are applied.
If desired, create a new policy in the Content Filtering Rules to restrict broad access to the site(s). The policy can be used to restrict the access to only certain users, groups or access method for specific sites listed under Trusted Destinations.
Feedback
