Why is my site categorized as High Risk?

Created On 08/20/20 23:58 PM - Last Modified 03/29/24 07:23 AM


Question


Why is my site categorized as High Risk when it should not be?

Environment


  • Palo Alto Firewall.
  • Any PAN-OS.
  • URL Filtering configured.


Answer


A website is categorized as High Risk if it was recently compromised and then remediated. It can also be the result of a false positive. This means the website has transitioned through the malware, phishing, or command-and-control URL category. A few other reasons are listed under the Additional Information section.

After the category is changed back to a non-malicious category, the website will retain its High Risk categorization. High Risk is a category used for websites that hosted malware in the last 30 days. After 30 days, the Risk category will move to Medium, and after another 30 days, it will be downgraded to Low Risk.

This process is automatic, and a category change from Test-A-Site will not result in changes to the Risk categorization. This ensures that domains that have stayed clean can be differentiated from ones that were hosting malicious content until recently.


Additional Information


New Security-Focused URL Categories
