search cancel

Intelligence Services: Threat Risk Level Incident


Article ID: 187922


Updated On:


Cloud Secure Web Gateway - Cloud SWG ProxySG Software - SGOS


Intelligence Services: Threat Risk Level customers may be experiencing an issue where the Risk Level is higher than expected. This may result in unexpected behavior with sites being blocked by Risk Level policy. Our engineering team is actively working on restoring the service.

For customers who notice this impact, please refer to the recommendation section on what corrective actions can be taken.

We will provide updates as they become available.


Web Isolation
Web Security Service
Norton Core
Any other customers who are leveraging Threat Risk Levels in their URL filtering policy.


Increase in URLs having a higher than normal Risk Level. 



Our team has implemented a service update to the Risk Level database and the impact should no longer be visible to customers where the update has been implemented. We will continue to monitor the incident to ensure the service has been fully restored and there is no longer an impact to customers.

Web Security Service Customers:
  • Now that the update has been propagated to all WSS’s service points: 
    • Customers who had temporarily disabled Risk Levels can now re-enable Risk Level in their policy
    • If Threat Risk Levels were never disabled, no action is necessary

ProxySG Customers:
  • The update is available for all ProxySG appliances to use. Customers should ensure that the latest Threat Risk Level database build number is “400930400” or greater
    • Customers who had disabled Risk Levels in policy should re-enable Risk Levels once the update has been verified
    • Customers that did not disable Risk Levels in policy, if the update has been verified there is no further action needed.

Additional Information

As of approximately 19:15 UTC, we have applied mitigation to restore service. Customers should now be receiving an update. Some customers may continue to see their services impacted while the update is propagated across their systems.