ATP700 Reputation Filter false positive for BOTNETs

Anyone else having issues with reputation filter false positives for BOTNETS on web sites? I have users going to seemingly harmless sites that are not blocked on my other routers but ATP700 is blocking for BOTNETs. My filter is set to medium and above and the log is showing the blocked sites as "High" risks.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,104  Zyxel Employee

    Dear @MBC_Andy

    Welcome to the Zyxel community. Could you share a screenshot of the blocked Monitor Log message with us in the public discussion or send it to us in a private message? Also, please tell us which URL and IP the host tried to browse to that triggered this block action. Many thanks in advance for your update.

  • MBC_Andy
    MBC_Andy Posts: 2

    Hi Jeff,

    One of the URLs is https://pointofbreak.org and 2 associated IPs for them are 13.248.243.5 and 76.223.105.230.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,104  Zyxel Employee

    Dear @MBC_Andy

    Thanks for your feedback. We will correct it; please wait for our update. Thanks.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,104  Zyxel Employee

    Dear @MBC_Andy

    Could you update the IP Reputation signature to our latest version (20230613)? We notice 13.248.243.5 and 76.223.105.230 are detected with the threat level Neutral.

    Before you browse https://pointofbreak.org/, we suggest you clear your browser's cache and PC's local cache. Thanks.
