Question
We often receive questions related to the Proxy/VPN category seen in Threat Lists and Policy Risk Thresholds. For example:
|
"I am looking for some clarification on how the Proxy/VPN category works. We have tested a couple of NordVPN sites but the connection is allowed, so what drives the determination that an IP should be blocked for this reason?" |
Answer
We map the Webroot category "Proxy" and the Proofpoint categories "Proxy" and "Proxy Host" to our overarching category Proxy/VPN.
We document this on page 4 of our Default Lists customer facing documentation.
Basically, we are blocking things that Webroot and Proofpoint (if a customer has purchased our Proofpoint add-on) mark as *malicious* Proxy services on known malicious IPs. We don't block good/normal proxy services (obviously).
If a customer wants to block specific VPN services, they are encouraged to create and appropriately enable a manual Denied List to map those services.
Comments
0 comments
Please sign in to leave a comment.