ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Intelligence Services: Threat Risk Level Incident
Article ID: 187922
Web Security Service - WSSProxySG Software - SGOS
Intelligence Services: Threat Risk Level customers may be experiencing an issue where the Risk Level is higher than expected. This may result in unexpected behavior with sites being blocked by Risk Level policy. Our engineering team is actively working on restoring the service.
For customers who notice this impact, please refer to the recommendation section on what corrective actions can be taken.
We will provide updates as they become available.
Increase in URLs having a higher than normal Risk Level.
Web Isolation ProxySG Web Security Service Norton Core Any other customers who are leveraging Threat Risk Levels in their URL filtering policy.
Our team has implemented a service update to the Risk Level database and the impact should no longer be visible to customers where the update has been implemented. We will continue to monitor the incident to ensure the service has been fully restored and there is no longer an impact to customers.
Recommendations: Web Security Service Customers:
Now that the update has been propagated to all WSS’s service points:
Customers who had temporarily disabled Risk Levels can now re-enable Risk Level in their policy
If Threat Risk Levels were never disabled, no action is necessary
The update is available for all ProxySG appliances to use. Customers should ensure that the latest Threat Risk Level database build number is “400930400” or greater
Customers who had disabled Risk Levels in policy should re-enable Risk Levels once the update has been verified
Customers that did not disable Risk Levels in policy, if the update has been verified there is no further action needed.
As of approximately 19:15 UTC, we have applied mitigation to restore service. Customers should now be receiving an update. Some customers may continue to see their services impacted while the update is propagated across their systems.