3 Replies Latest reply on Jul 6, 2012 9:31 AM by celtic67

    Trusted Source Blocking

      Hi all,

       

      I hope I'm posting in the right place, I've been advised to try here by our reseller after not getting anywhere with normal McAfee support or Trusted Source.

       

      We've recently been getting a lot of harmless sites blocked by Trusted Source that show a category of Internet Services and a reputation of Medium Risk. I understand that things can change and give sites a higher reputation, but in each instance when I've checked on the Trusted Source site, there's nothing to suggest the site has any risk.

       

      For example, the latest site to be blocked is our local union site, www.nottsunison.org.uk. It's been around for ages and should, presumably, have already been classified, so shouldn't appear as just Internet Services. If I go to www.trustedsource.org and search for this URL, it doesn't tell me any category and shows minimal risk. The graphs are blank and there are no email issues. So why is it being blocked?

       

      I've asked why this is happening with the last couple that were sent to Trusted Source, but the sites have just been reclassified & the calls closed. I also asked in a McAfee support call, but was referred to Trusted Source.

        • 1. Re: Trusted Source Blocking

          Hi Celtic67,

           

          What product are you using? I checked on my web gateway 7 and the site is working fine. If I do have problems with categorization I normally check via this URL http://www.trustedsource.org/en/feedback/url and submit change requests as needed. The trustedsource team seems to be very responsive normally if I have miscategorizations to report.

          Your site is showing up as uncategorized and minimal risk though.

          • 2. Re: Trusted Source Blocking

            Sometimes, the actual domain isn't the culprit, but the parameters on the command line or the IP address. If you take a URL like:

            http://www.google.com/search?q=warez

            Google obviously isn't bad, but the parameters are blocked as Potential Criminal Activity.

             

            In this case, it's not the domain name, but the IP address (209.235.144.9) that is medium risk. The hosting service probably uses multiple sites on one IP address and one of them had been classified as bad reputation. That gets inherited by the IP address for the other sites hosted on the same IP.

             

            When you have multiple sites with different reputations on the same IP, we elect to err on the side of caution and rank it as the highest risk value to protect everyone.

             

            Because the domain nottsunison.org.uk is not categorized itself, it inherits the IP reputation. If it gets properly categorized, it will override the IP reputation in the future.

             

            You can also opt to turn off the reverse lookup of IP address in the URL filter settings on MWG7.

            • 3. Re: Trusted Source Blocking

              Thanks for both answers.  I'm using Web Gateway 7 and should've added that the Trusted Source requests have always been dealt with quickly with no problems, it's just that I was getting baffled by sites that had been fine getting blocked with no info available on the Trusted Source site. I've always gone to the main page and entered the URL there. Even now, adding the IP address there is showing me nothing, but using the URL in the first reply I see it has the Medium Risk reputation.

               

              I hadn't thought about other sites being hosted at the same address but that makes perfect sense. I've found that turning off "Do a forward DNS lookup to rate URLs" has allowed me access to the site.
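
The inheritance rule described in reply 2, modelled as an added example that is not part of the original thread and not McAfee's code. The `Site` class, the function names, the risk ordering, and the sample hosts and IPs are assumptions made for illustration; `forward_dns_lookup` stands in for the "Do a forward DNS lookup to rate URLs" setting named in reply 3.

```python
# Toy model of the inheritance rule from reply 2; not McAfee's implementation.
from dataclasses import dataclass

# Assumed ordering, lowest to highest; the thread names only the first two.
RISK_ORDER = ["Minimal Risk", "Medium Risk", "High Risk"]


@dataclass
class Site:
    host: str
    ip: str
    categorized: bool   # has the domain itself been categorized?
    reputation: str     # the domain's own reputation


def ip_reputation(ip, sites):
    """A shared IP is ranked at the highest risk of any site hosted on it."""
    hosted = [s.reputation for s in sites if s.ip == ip]
    return max(hosted, key=RISK_ORDER.index, default=RISK_ORDER[0])


def effective_reputation(host, sites, forward_dns_lookup=True):
    """Reputation the filter acts on for `host`."""
    site = next(s for s in sites if s.host == host)
    # A categorized domain overrides the IP; with the lookup off the IP is never consulted.
    if site.categorized or not forward_dns_lookup:
        return site.reputation
    return max(site.reputation, ip_reputation(site.ip, sites), key=RISK_ORDER.index)


# Constructed sample data (documentation-range IPs, .example hosts).
SITES = [
    Site("union.example", "192.0.2.10", False, "Minimal Risk"),
    Site("neighbour.example", "192.0.2.10", True, "Medium Risk"),
    Site("alone.example", "192.0.2.20", False, "Minimal Risk"),
]

if __name__ == "__main__":
    for lookup in (True, False):
        for s in SITES:
            print(lookup, s.host, effective_reputation(s.host, SITES, lookup))
```

Grouping blocked hosts by resolved IP in this way shows whether a run of "harmless" blocks traces back to one shared hosting address rather than to the sites themselves.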