I tried to search the forums for an answer but I didn't come across anything that was related that I could tell. We are running ENS 10.1.1 currently and I see it happen a lot. When I look in the ePO console for some devices I see hundreds of entries in the log for event ID 18600 and it is usually labeled as follows:
Threat Source URL:
Allowed Green Site
I have double checked anything i could find and the only thing I came across was Endpoint Security Web Control : Policy Category > Options and in the Event Logging section I have turned off Log events for allowed sites configured in the Block and Allow List (unchecked).
It's not a huge issue but its cluttering up logs and threat events so it's harder to narrow something down. Anyone have some insight or suggestions?