After a URL is received from an input source, it goes through the following steps before a verdict is reached. If a verdict can be reached at any step, the scan stops.
- Static Scan.
In this step, the URL is checked against the user uploaded Allowlist or Blocklist and the Overridden Verdicts list.
- Sandboxing Scan.
If WEBLink is associated with a VM type as defined in the Scan Profile page > VM Association tab, the URL is scanned inside a clone of that VM type. If the URL type is enabled with the
sandboxing pre-filteringcommand, only URLs whose webfiltering category is UNRATED is scanned inside a VM.
In the Static Scan step, URLs are checked against the user uploaded allowlist and blocklist in this order and rated as Clean or Malicious: Domain black list > URL REGEX black list > URL black list > Domain white list > URL REGEX white list > URL white list. For example, if users enter