Hello,
I have problem with web site www.vyrava.sk.
log from SEP:
22.1.2016 12:23:26 Intrusion Prevention Critical Incoming TCP 37.9.175.19 80 N/A 192.168.102.101 52317 N/A \DEVICE\HARDDISKVOLUME4\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE 28821 70105 Web Attack: Mass Injection Website 19 www.vyrava.sk/ 22.1.2016 12:23:02 22.1.2016 12:23:11 [SID: 28821] Web Attack: Mass Injection Website 19 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME4\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
* https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28821
I think, this web site www.vyrava.sk is ok.
I would like to make exception fort this, for example:
but there is ONLY severity "High" and I need severity "Critical"
We checked our site and make sure no virus on our server and site, would like to request to delist from the Symantec Endpoint Protection. I go tohttp://ipremoval.sms.symantec.com/lookup/ and https://sitecheck.sucuri.net, we found out that our server IP was not listed.
Why my site was reported as Web Attack? What should I do next?
Thank you very much for your advice.