Take a look and ensure that you are not being redirected to an SSL version of Google - it appears that when my users are not 'properly' authenticated and they try to hit Google (and its the httpS) it chokes on me as well.
No, it's not HTTPS as far as I can tell. The original block screen shows HTTP. That's a good thought though, I'll keep it in mind and double check on the user's side.
can you replicate the problem at the moment? Do you have some lines of access.log that show it?
Can't currently replicate
Also, don't have the access.logs anymore. Would a detailed web report help? Or can they be recovered from the Web Reporter?
I see this fairly often with a lot of different sites though Goggle is a fairly common culprit.
The site it's self it known to be minimal risk, however that server, or URI may have had something on it that McAfee have classed as Malicious. From what I can tell, this is an automated process by Trusted Source. The incidents of this are normally transient, though when I do see it, I always report the link to Trusted Source and it is quickly resolved.
BTW, the block pages have some potentially sensitive internal details of your network, such as the users User ID, and the departments they work for. you might want to remove it.
thanks for the insight. I can confirm that from time to time I have seen reports about something being blocked, whille a few moments later the issue did not show up again. I am very interested in catching examples of "known good websites" being rated as malicious, but it is very rare that I get an example I can replicate (thats why I asked if you can replicate it).
Basically we do not only categorize the URL, but also Paths or Parameters can influence the result. Additionall Category and Reputation are independent from each other, so it could happen that a specific piece of the URL leads to a malicious rating, while the overall reputation of the domain is still good.
We have around 20 URL filter updates a day and usually such issues are resolved very quickly. I personally would ask the user to check if the issue persists. If it does we should replicate the problem and find out what causes the block. If the issue is gone most likely a URL filter database update has resolved the issue magically. It would require the URL and the exact URL filter database version to replicate the problem.
@tris - I thought about reporting it to Trusted Source, but since I couldn't replicate it on a different PC today I figured I should wait. Thanks for the sensitive info heads up, too! I usually do my best to edit , but I must've been in a rush; I don't see a way to edit my post though
@andre - I've asked the user to be on the lookout and try it on his free time. The strangest thing was yesterday afternoon (of course this happened at 4:50pm!) that as I watched this happen, I asked the user to try out Bing. So, we searched Bing for web filtering software and found the K9 listing in the results. When he clicked on the link we got the same googleads/malicious sites block page! I still can't figure that one out.
1 of 1 people found this helpful
Sounds like a browser hijack.
The URL that it's referring to is googleads.l.doubleeclick.net rather than doubleclick.net. doubleeclick.net is a malicious domain.
There's some discussion here: