AnsweredAssumed Answered

False Positive on logs (Sandblast Agent) on BANKING Sites

Question asked by CHINMAYA NAIK on Nov 29, 2018
Latest reply on Dec 5, 2018 by CHINMAYA NAIK

Dear Team,

 

Setup:

Endpoint Server

OS: GAIA R77.30 with 143 hotfix and R77.30 Adds on package installed.

Client Package : E80.87

 

Blade Enabled:

 

1.Sandblast Agent Anti-Ransomware, behavioral guard and Forensics
2.Sandblast Agent Anti-Bot
3.Sandblast Agent Threat extraction and emulation

 

We use TE appliance for extraction and emulation (Local Emulation).

 

Scenario : We visit some banking sites where we able to access the websites and even we see the Sandblast agent extension popup show "Scanned Phishing verified by Zero Phishing"

 

Some are GOVT websites like IRCTC (railway sites of India) 

Some are BANKING Sites

 

BUT as we see on logs and find below result. 

This is completely unbelievable

Showing:-

Severity:03

Confidence Level: High

Protection Name: Deceptive site Detection

Protection Type: Phishing Prevention

 

 

Please HELP me to resolve the issue.

 

#Chinmaya Naik (INDIA)

Outcomes