cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Unverified reputation get Blocked with "High risk" policy

Jump to solution

Hello, 

 

I have noticed that certain URLs with "Unverified" reputation gets blocked with "High risk" blockage/policy. Is this a normal behaviour?

Affected url exampel: http://www.jphyronline.com/

According "https://trustedsource.org/en/feedback/url" the above url is "Unverifed". Why is it returning "High risk" reputation for the users? (see attached). 

Usually 2019-01-21 11_54_34.pngreputations should be the same even on "trusted source" as MWG represents. 

 

Regards. 

Labels (1)
1 Solution

Accepted Solutions
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Unverified reputation get Blocked with "High risk" policy

Jump to solution

Hi ,

Hope you are doing well.

URL www.jphyronline.com  is showing as Uncategorized URL  and Unverified reputation in trustedsource.org.

 

URL www.jphyronline.com  resolves to IP Addresses 194.9.94.86/194.9.94.85.

 

Categorization for 194.9.94.86  is falling under below Categories and Reputation as High Risk.

-Business 
- Malicious Sites
- PUPs (potentially unwanted programs)

 

Categorization for 194.9.94.85  is falling under below Categories and Reputation as High Risk.

 

- Malicious Sites
- Internet Services

 

 

In your URL filter profile by default an option named  Do a forward DNS lookup to rate URLs is enabled due to which you are seeing that high Risk Categorization.

 

Policy > Settings > Engines > URL Filter

    • Do a forward DNS lookup to rate URLs:
      • This setting will check the IP of an uncategorized URL and return category/rating information based on what it finds, in the local and cloud database.

 

Please refer below link for information on this:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-URL-Categorization-Submissions-to-TrustedSourc...

 

 

I have reached to the concered team to get the URL www.jphyronline.com   Categorized accordingly.

 

 

Regards

Alok Sarda

2 Replies
McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Unverified reputation get Blocked with "High risk" policy

Jump to solution

Hi ,

Hope you are doing well.

URL www.jphyronline.com  is showing as Uncategorized URL  and Unverified reputation in trustedsource.org.

 

URL www.jphyronline.com  resolves to IP Addresses 194.9.94.86/194.9.94.85.

 

Categorization for 194.9.94.86  is falling under below Categories and Reputation as High Risk.

-Business 
- Malicious Sites
- PUPs (potentially unwanted programs)

 

Categorization for 194.9.94.85  is falling under below Categories and Reputation as High Risk.

 

- Malicious Sites
- Internet Services

 

 

In your URL filter profile by default an option named  Do a forward DNS lookup to rate URLs is enabled due to which you are seeing that high Risk Categorization.

 

Policy > Settings > Engines > URL Filter

    • Do a forward DNS lookup to rate URLs:
      • This setting will check the IP of an uncategorized URL and return category/rating information based on what it finds, in the local and cloud database.

 

Please refer below link for information on this:-

 

https://community.mcafee.com/t5/Documents/Web-Gateway-URL-Categorization-Submissions-to-TrustedSourc...

 

 

I have reached to the concered team to get the URL www.jphyronline.com   Categorized accordingly.

 

 

Regards

Alok Sarda

McAfee Employee aloksard
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Unverified reputation get Blocked with "High risk" policy

Jump to solution

Hi,

Hope you are doing well.

Below is the response from concerned team:-

 

We have reviewed the URL, and based on the review, it will be categorized as 'Business' in the next GTI Database.

The GTI Database with this change will be available for download from our public download servers in a few hours.

 

 

Regards

Alok Sarda

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.