Trevor
Participant

URL Filter categorizes Microsoft Downloads as "Anonymizer"

resolves as:
Pinging e12671.dscd.akamaiedge.net [184.24.36.222] with 32 bytes of data:

----------------------

CHECK POINT LOG ENTRY:

Event Name:           Web Browsing

CU Rule Category:     Legacy;Application & URL Filtering

..

Is Correlated:        true

Num Of Updates:       1

Is Active:            1

Event Start Time:     2024-03-04T17:40:03Z

Detection Time:       2024-03-04T19:10:04Z

Last Update Time:     2024-03-04T19:10:04Z

Time Interval:        0

Max Num Count Detected:1

 

Destination Country:  United States

Destination:          184.24.36.222

Destination Port:     443

...

Dropped Outgoing:     0

Dropped Incoming:     0

Dropped Total:        0

Severity:             Informational

Action:               Drop

Type:                 Correlated

Blade:                URL Filtering

Service:              TCP/443

Product Family:       Access

Sent Bytes:           0

Received Bytes:       0

...

Application Name:     184.24.36.222

Application Risk:     Unknown

Browse Time:          0

** --------> Additional Categories: Anonymizer,Unknown Risk,URL Filtering

Primary Category:     Anonymizer

Matched Category:     Anonymizer

...

Event End Time:       2024-03-04T19:10:04Z

*** ------> Description:          https Traffic Dropped from .... to 184.24.36.222(184.24.36.222)

Bytes (sent\received): 0 B (0 B \ 0 B)

Accepted Solutions
_Val_
Admin

The issue is resolved now, it was a false positive.

Lesley
Leader

Not anymore:

For http://download.microsoft.com

Categories: Software Downloads, Low Risk, Computers / Internet

Category: Software Downloads

This category includes URLs that provide legal downloadable software for personal computers. Not all software available on the Internet is appropriate for use inside a secured network. The category is meant to cover the risks associated with downloading and installing unapproved software inside the secure network. Examples: http://www.top-of-software.de, http://www.download.cnet.com

Category: Low Risk

Applications and Websites that are potentially non business related yet low risk.

Category: Computers / Internet

This category is intended to cover websites related to computing software and hardware, as well as Internet and technology-related companies. This includes, but is not limited to vendors, product reviews, and deployment and maintenance of software and hardware. This also includes addons such as scripts, plugins, drivers, peripherals, and other equipment used in conjunction with computers and networks. Examples: http://www.archive.org, http://www.verisign.com, http://www.limewire.com, http://www.w3schools.com

 

https://support.checkpoint.com/results/sk/sk69200

-------
If you like this post please give a thumbs up(kudo)! 🙂