cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
brpe
Level 7
Report Inappropriate Content
Message 1 of 6
‎02-04-2013 03:42 AM

Webgateway vs. siteadvisor

Jump to solution

Hi,

I dont know if this is the right place for this post.

For about 2 years ago we bought 2 web gateway 7 in our organization for scanning web pages. They where set up a McAfee technician and it looked fine. But over time, they started blocking many web pages witch was safe. So I tried to test the pages with http://www.siteadvisor.com/  and it did'nt find any danger. It will eventually become a major problem because our whitelist to be miles long and the websides might be unsafe later on, but automatically approved due to our whitelist.

So my question is, you can see more specifically what the web gateway find unsafe and should url filter not be the same at the Web gateway and http://www.siteadvisor.com?

Webgateway Anti-Malware Versions:

Last Update: 100 minutes ago

Gateway Engine: 7001.1202.1796

Gateway DAT's: 1563

Engine: 5400.5001

DATs: 6975

Best regard

Brian Pedersen

Reply
1 Solution

Accepted Solutions
fschulte
Level 10
Report Inappropriate Content
Message 4 of 6
‎02-05-2013 01:16 AM

Re: Webgateway vs. siteadvisor

Jump to solution

Hi Brian!

I just checked both URLs and both show up as Green/Minimal Risk but have no categories assigned.

In this case MWG applies a heuristic (enabled by default) which will do a DNS lookup and will categorize the returned IP address. If the site is hosted on a suspicious web server (because other suspicious sites are also hosted on that server) the final reputation result will also be suspicious/medium risk/yellow. This is what happens in your case.

E.g. Resolving frismus.nu I get 194.182.128.105. Categorizing then this IP through Site Advisor or trustedsource.org I get a yellow result.

If this heuristic shows to many false positives you can disable it: Go to Policy -> Settings -> URL Filter and disable the checkbox (called something like) "Do forward DNS lookup".

Ciao

Felix

View solution in original post

Reply
5 Replies
fschulte
Level 10
Report Inappropriate Content
Message 2 of 6
‎02-04-2013 04:50 AM

Re: Webgateway vs. siteadvisor

Jump to solution

Hi Brian!

Can you give an example URL and the results you see using Web Gateway and Site Advisor?

In general, you should see the same results Though, the configuration of Web Gateway (e.g. if local database and/or cloud is used;  usage of DNS in cases that the URL is uncategorized) or some delay when the database is updated could sometimes lead to slightly different results.

Ciao

Felix

0 Kudos
Reply
brpe
Level 7
Report Inappropriate Content
Message 3 of 6
‎02-04-2013 05:42 AM

Re: Webgateway vs. siteadvisor

Jump to solution

Hi Felix

Thanks for fast reply!

We have just added this sites and have some which siteadvisoer havent' tested yet:

http://www.frisms.nu/

http://www.jungmesser.dk

Thanks,

Message was edited by: brpe on 2/4/13 7:42:30 AM CST
0 Kudos
Reply
fschulte
Level 10
Report Inappropriate Content
Message 4 of 6
‎02-05-2013 01:16 AM

Re: Webgateway vs. siteadvisor

Jump to solution

Hi Brian!

I just checked both URLs and both show up as Green/Minimal Risk but have no categories assigned.

In this case MWG applies a heuristic (enabled by default) which will do a DNS lookup and will categorize the returned IP address. If the site is hosted on a suspicious web server (because other suspicious sites are also hosted on that server) the final reputation result will also be suspicious/medium risk/yellow. This is what happens in your case.

E.g. Resolving frismus.nu I get 194.182.128.105. Categorizing then this IP through Site Advisor or trustedsource.org I get a yellow result.

If this heuristic shows to many false positives you can disable it: Go to Policy -> Settings -> URL Filter and disable the checkbox (called something like) "Do forward DNS lookup".

Ciao

Felix

View solution in original post

Reply
brpe
Level 7
Report Inappropriate Content
Message 5 of 6
‎02-05-2013 05:35 AM

Re: Webgateway vs. siteadvisor

Jump to solution

Hi fschulte

Thank you for your answer this was a nice and easy solution.

0 Kudos
Reply
Regis
Level 12
Report Inappropriate Content
Message 6 of 6
‎02-11-2013 07:21 AM

Re: Webgateway vs. siteadvisor

Jump to solution

This is a timely thread as I'd encountered several of these head scratchers myself of late.

As Felix said, if the URL is uncategorized,   the reputation of the IP is used for categorization it seems.  In my case, I was seeing things getting categorized as Malicious Sites in my log files, but checking at  https://www.trustedsource.org/en/feedback/url   it showed the URL in my logs as uncategorized.  Sure enough that same URL entered as its corresponding IP address, however,  showed the same categorization I saw in my logs.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC