Sophos Web Appliance: Sophos URL Classifications

  • Article ID: 17590
  • Rating:
  • 13 customers rated this article 3.6 out of 6
  • Updated: 19 Aug 2013

To have the classification automatically reviewed, please follow article 119440

The web appliance uses security risk classifications assigned by SophosLabs to assess the website requests made by your users. The classifications are defined in a list of URLs that is maintained by SophosLabs and is updated several times a day. The appliance stores a copy of the current classifications and checks for updates periodically.

The appliance takes different actions depending on the security risk classification of the requested URL:

High Risk: These sites have been analyzed by SophosLabs and host malicious content that can compromise network security. These sites are always blocked.

Medium Risk: These sites have been analyzed by SophosLabs and have a history of poor privacy or security practices that may compromise network security. By default, the appliance scans these sites before allowing access. You can override this default action by setting the appliance to block access to these sites.

Low Risk: These sites have no recent history of malicious content or behavior. These sites are periodically reviewed by SophosLabs to verify site contents. When a low risk site is requested, the appliance scans it before allowing access.

Trusted: These sites are entered by the administrator and are not analyzed or reviewed by SophosLabs. Enter only sites that meet strict security criteria because they will not be scanned before access is granted.

Unclassified: These sites have not yet been analyzed or reviewed by SophosLabs and may compromise network security. By default, the appliance treats these sites as low risk sites. The other choices are to treat them as medium risk or high risk sites.

Using the information in the Sophos URL Risk Classifications

Understanding this classification process can help you, as an administrator, to decide:

  • What action the appliance should take when it receives requests for medium risk and unclassified sites
  • Which sites to enter into Add Local Classifications. This is the list that you can create to extend the coverage to sites not listed in the Sophos Classifications, or to override the threat severities and the categorizations of that list.

For more information about how to configure these settings, in the appliance software, click Help > Configuration > Global Policy, and read the 'Security Filter' and 'Add Local Classifications' sections.

Reviewing URL risk classification

A mechanism is available in the appliance that allows the administrators to submit URLs to Sophos that the end users have marked as being misclassified using the "allow user feedback" feature. These URLs are placed in a queue for manual review by SophosLabs and are reclassified, if appropriate.

To submit misclassified URLs to Sophos, go to the Configuration > Global Policy > General Options page and select the option to Ensure sharing of non-user identifiable data with SophosLabs to improve protection

For more information about the allow user feedback feature, click Help > Configuration > Group Policy > Default Policy, and read the 'Allow User Feedback' section.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent