This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JPR
Collaborator
‎2024-03-12 03:53 AM

Problem with sites getting categorized as Low Risk and blocked

Hi,

Our firewall are blocking "Low Risk" sites even though we do not block "Low Risk" as a category and according to Check Point's online URL Categorization the site it isn't "Low Risk".

E.g. bedrevejr[.]dk gets categorized by our firewall as "Low Risk" and gets blocked:

bv.png

 

But by checking it online it gets categorized as "News / Media":

bv2.png

It hits a rule in our rule set where we block various categories, however, as mentioned above we do not block "Low Risk" as a category. Does anyone know what is going on and perhaps how it can be solved?

This is just an example. We have experienced it with other sites as well. Sometimes the "Low Risk" category just disappears and we can access the site site again and then the next day it's categorized as "Low Risk" and gets blocked. For some sites I have whitelisted them, however, I don't see that as a viable solution.

Thanks!

0 Kudos
10 Replies
George_Ellis
Advisor
‎2024-03-12 05:43 AM

You are not alone.  It is an ongoing issue for us and has been in escalated with no joy.

PhoneBoy
Admin
Admin
‎2024-03-12 08:10 AM

Can you show a log card (sensitive details redacted) of something that is getting blocked in this manner?

JPR
Collaborator
‎2024-03-12 08:37 AM
In response to PhoneBoy

Hi PhoneBoy,

Yeah, it looks like this:

bv3.png

I had actually whitelisted the site, however, it's still categroized as "Low Risk".

0 Kudos
JPR
Collaborator
‎2024-03-12 08:41 AM
In response to JPR

And here's the HTTPS Inspection:

bv4.png

0 Kudos
JPR
Collaborator
‎2024-03-12 08:43 AM
In response to JPR

And at the moment lego[.]com is also categorized as "Low Risk":lego2.png

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-03-12 09:47 AM
In response to JPR

Can you bypass it in https inspection policy to see if same issue persists?

Best,

Andy

Best,
Andy
0 Kudos
George_Ellis
Advisor
‎2024-03-12 11:43 AM
In response to the_rock

I know we are not doing https inspection in the base configuration.  And in the HTTPS Inspection policy it stated that it will only be enforced if it is enabled.

 

 

the_rock
MVP Platinum
MVP Platinum
‎2024-03-12 11:51 AM
In response to George_Ellis

See if this post helps.

Andy

https://community.checkpoint.com/t5/Management/Lots-of-sites-being-categorized-as-anonymizers-inc-Sp...

Specially this update from Jennifer:

the_rock_0-1710269487768.png

 

Jennifer_Wilson
Contributor
a week ago
 
In response to the_rock

 

Please find update from Checkpoint below :

'Currently, we have received multiple complaints about this issue and it was brought to the highest ranks in support and R&D departments, this issue is related to CP side and is being handled as we speak by our internal teams,

We appreciate your patience and cooperation in reporting this issue.
I will update you on the progress and possible steps to solve this issue once I get news from R&D'

Accept as Solution
0 Kudos
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
the_rock_1-1710269487769.png

 

gmorrow205
Explorer
a week ago
 
In response to Jennifer_Wilson

 

Any news on the fix?  I have a case open and got the same "known issue" response. 

Accept as Solution
0 Kudos
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
the_rock_2-1710269487770.png

 

Jennifer_Wilson
Contributor
a week ago
 
In response to gmorrow205

 

they have said a new application control db has been uploaded to the Gateways (but not the Management server), dated 05/03/2024 time 10:3x Update number 050324_3, which I've checked is now there. (cpview/Software-Blades/Overview-Updates Information:)
I am having a look now but Bing and open.spotify look good so far.

Best,
Andy
0 Kudos
George_Ellis
Advisor
‎2024-03-21 07:47 AM

One of my co-workers just spotted this one (and it will get blocked)

 

urlcat.png

George_Ellis
Advisor
‎2024-03-21 07:52 AM
In response to George_Ellis

Thank goodness for working from home and split tunneling.

 

Preview file
71 KB

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events