Happy New Year!
I use the TrustedSource function in HIP8.0. Several days ago, I found that it blocked ip address 220.127.116.11 which is Google Public DNS. I submit a review application and yesterday it was changed from 'High Risk' to 'Mimimal Risk'. But now HIP8.0 still blocks it. I know from the product guide that HIP8.0 adopts a cache architecture to reduce the latency. I wonder how often the cache updates and when 18.104.22.168 will not be blocked by HIP8.0.
Each IP address has a potentially different reputation for each direction (inbound/outbound), protocol (TCP, UDP, ICMP) and port number it has been seen on. In your case, the IP address had a High Risk email reputation (inbound TCP port 25), which did get corrected but should not have triggered an alert since that IP is not involved in any email sending behavior. Can you post some details, if you still have them, for that alert so that we can track down what happened there?
Thanks for your reply. Since this issue occurred, I have disabled the TrustedSource. When I just enable it again, everything works now, and HIP doesn't block 22.214.171.124 any more. Therefore I can't provide any evidence now. Previously, when I visited any website, I can see in the log that HIP8.0 blocks 126.96.36.199 and then my OS use the alternative 188.8.131.52 to solve the domain names. When I ping 184.108.40.206, HIP allows it. But when I ping 220.127.116.11, HIP blocks it, and the log says TrustedSource - Get Ratings. In the command line window it says 'General Failure'. Given that things are working now, I wonder generally how long it will take for HIP to update its TrustedSource cache, and whether it is possible for users to update/clear the cache mannually.
Ok. I see what happened here. The cache was not the issue - typically an entry will not stay in the cache for long (I believe it's typically a few mins). The issue here was that when the email reputation of that IP was adjusted per your original requests, its DNS and ICMP reputations were not - that was fixed this morning. Sorry for the problem