Skip to main content
My preferencesSign out
Proofpoint, Inc.

Links rewritten by URL Defense still lead to malicious sites

Situation You received an email with a link rewritten by URL Defense that still linked to a malicious site.
Solution This is what we called a TAP False Negative. To solve this issue admin should follow the same steps when reporting a False Negative (through a ticket or chat). Ina ddition, admin will need to add the link that was not blocked by URL Defense into the ticket or chat.


False Negative/Positive Reporting Process

Only an administrator level account can report as a false negative/positive.

  • False Negative = spam
  • False Positive = not spam

As the admin:
1. Click on Log Search.
2. Search for the message.
3. In the search results, click Detail for the desired message.
4. Click Report as false negative or Report as false positive.
5. Fill out the information on the next page.
6. Click Report.
7. Copy the permalink of the message(s) being reported.

If you are using the drop down selection to 'report as..' you can only do this one at a time, you cannot mass select messages and report. This does not work.

Once you do this, create a ticket indicating you did this and supply the permalinks, so we can retrieve the message for more detail. We can review and put this through our standard reporting process. Include the malicious link in the ticket 

Important Information

 

How long does it take to block these links?

After we receive you ticket, we will submit a case to our spam engineers to analyze the emails and links, and update our spam definitions if necessary. This process can take up to 24 hours. You can follow same process for a TAP False Positive.

I don't see the "Report" button

After reporting the email if you don't see the report button, you will have to create a ticket any way, add the permalink and attach into the ticket the original emails with the malicious links.