When we browse to the website of https://hollandia.biz/ there is no problem. But when we go to the page https://hollandia.biz/home-services/ we get the DROP by Advance Threat Protection when the XG is used as proxy server.
There is no ATP DROP when going direct tru the XG not using the XG proxy.
Endpoint Protection X does not register any threat.
This seems a bug in XG proxy.
and about Intercept-X not detecting anything - I think XG and Endpoints use different sources for URL categorization. That's my personal experience when handling such stuff. So one Security-System has it listed but not the other. Strange product policy but this is how it seems to be at Sophos.
the sub page is categorized as C&C
while the base URL is general business.
I suggest you check totalvirus for that URL and submit a URL review to Sophos Support
as this is HTTPS traffic, the XG cannot inspect the sub-page you are visiting when you don't use the Web-Proxy. So ATP only comes when the XG can see the full URL in Proxy-mode.
Hi Nilesh,
Sophos does flag it as suspicious but it is only dropped when accessing it tru XG proxy. Not when accessing it direct https (same rule same settings) or by Endpoint X.
