Received outbound spyware false positive verdict
Article ID: 171034

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

When navigating to a trusted website, you receive an error message:
"Outbound Spyware Your request was denied because it may represent a privacy or security breach. Tech support information: outbound_spyware"


Environment

Cloud SWG

Cause

Symantec has categorized the site as "Outbound Spyware".

  1. Check the website for multiple IP listings: https://www.ssllabs.com/ssltest/

    • Some websites are served from multiple IP addresses. You need to check all of them to make sure each one can pass your policy restrictions in order to reach that website.

  2. Test the website IP at www.virustotal.com

    • Note whether the website has been reported as unsafe, with potential viruses.
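
The multiple-IP check in step 1 can also be run locally. The following Python script is an added example, not Symantec tooling: it lists every address a hostname resolves to and reports which ones fall outside a set of IP/CIDR entries you intend to permit. The helper names `resolve_all` and `coverage` are hypothetical, and the sample addresses and entries are constructed from documentation ranges.

```python
import ipaddress
import socket


def resolve_all(hostname, port=443):
    """Return every unique IPv4/IPv6 address the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ("%eth0") so the value parses as a plain address.
    return sorted({info[4][0].split("%")[0] for info in infos})


def coverage(addresses, permitted_entries):
    """Split addresses into (covered, uncovered) against single IPs or CIDR ranges."""
    networks = [ipaddress.ip_network(e, strict=False) for e in permitted_entries]
    covered, uncovered = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # An IPv4 address never matches an IPv6 range, and vice versa.
        hit = any(ip.version == net.version and ip in net for net in networks)
        (covered if hit else uncovered).append(addr)
    return covered, uncovered


# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges), not real sites.
SAMPLE_ADDRESSES = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "2001:db8::5"]
SAMPLE_PERMITTED = ["192.0.2.0/24", "2001:db8::5"]

if __name__ == "__main__":
    import sys

    # With a hostname argument, resolve it live; otherwise use the constructed sample.
    addrs = resolve_all(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ADDRESSES
    ok, missing = coverage(addrs, SAMPLE_PERMITTED)
    for a in ok:
        print(f"covered    {a}")
    for a in missing:
        print(f"UNCOVERED  {a}  (check this address as well)")
```

Results depend on the resolver used, so run it from a network that sees the same DNS answers as the affected users.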

Resolution

Submit the site for review with Symantec.

  • Submit recommendations to the Site Review team for changes to the category.
  • The Site Review team will review the recommendations and respond to you with their findings.
  • Typical turnaround time is 24 hours.

Check with your security team and decide if the risk should be allowed.  If so, add the site to trusted destinations.

To add traffic to Trusted Destinations:

1. Navigate to the Cloud SWG portal

2. Select Policy from the left-hand menu

3. Select Threat Protection

4. Select Trusted Destinations (G2 rule)

5. Select traffic from the available list and select add, or select "New" to define a new IP, domain, etc.

6. Click Save

7. Be sure to click "Activate Policy" to ensure that the changes are applied.

  

If desired, create a new policy in the Content Filtering Rules to restrict broad access to the site(s). The policy can be used to restrict access to only certain users, groups, or access methods for specific sites listed under Trusted Destinations.