Intelligence Services: Threat Risk Level Incident

Article ID: 187922

Updated On:

Products

Web Security Service - WSS
ProxySG Software - SGOS

Issue/Introduction

Intelligence Services: Threat Risk Level customers may be experiencing an issue where the Risk Level is higher than expected. This may result in unexpected behavior with sites being blocked by Risk Level policy. Our engineering team is actively working on restoring the service.

Customers who notice this impact should refer to the Recommendations section for the corrective actions that can be taken.

We will provide updates as they become available.

Cause

Increase in URLs having a higher than normal Risk Level. 

Environment

Web Isolation
ProxySG
Web Security Service
Norton Core
Any other customers who are leveraging Threat Risk Levels in their URL filtering policy.

Resolution

Monitoring:

Our team has implemented a service update to the Risk Level database and the impact should no longer be visible to customers where the update has been implemented. We will continue to monitor the incident to ensure the service has been fully restored and there is no longer an impact to customers.

Recommendations:
Web Security Service Customers:
  • Now that the update has been propagated to all WSS’s service points: 
    • Customers who had temporarily disabled Risk Levels can now re-enable Risk Level in their policy
    • If Threat Risk Levels were never disabled, no action is necessary

ProxySG Customers:
  • The update is available for all ProxySG appliances to use. Customers should ensure that the latest Threat Risk Level database build number is “400930400” or greater
    • Customers who had disabled Risk Levels in policy should re-enable Risk Levels once the update has been verified
    • Customers who did not disable Risk Levels in policy need take no further action once the update has been verified

Additional Information

As of approximately 19:15 UTC, we have applied mitigation to restore service. Customers should now be receiving an update. Some customers may continue to see their services impacted while the update is propagated across their systems.