5 Replies Latest reply: Mar 4, 2013 9:29 AM by Travler

    SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?

    bobafart

      SmartFilter claims a website is malicious when it isn't. 

       

      McAfee, can you please update SmartFilter to include a wrongfully posted website? Please message me.

       

      Thanks

        • 1. Re: SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?
          Ex_Brit

          SmartFilter is part of the Enterprise software. What McAfee software and version are you using?

          • 2. Re: SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?
            bobafart

            I do not know. It is a work computer.  How can I check?

            • 3. Re: SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?
              Ex_Brit

              Not sure as I don't moderate those products, but have moved this provisionally to Firewall Enterprise (Sidewinder) and hopefully someone with that expertise will answer you shortly.

              • 4. Re: SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?
                PhilM

                If a site has been classified as malicious it could be because of reputation. The idea behind reputation scoring is that the TrustedSource/Global Threat Intelligence service run by McAfee receives reports from all participating McAfee products (Firewall Enterprise, Email & Web Security, Web Gateway, even VirusScan Enterprise) and if it receives enough reports of a site exhibiting behaviour which may be deemed as malicious or suspicious it will categorise it accordingly. This is designed to combat 'zero-day' security threats.

                 

                Hackers try to compromise an otherwise well-known and upstanding web site (e.g. bbc.co.uk, cnn.com, etc.). Normal web filtering solutions will still see these sites as being OK (because nothing ever bad happens at the BBC or CNN), but the reputation score is a dynamic function - based on the aforementioned behavioural reports from other McAfee products. When the people behind these sites fix the problem, the reports of bad behaviour stop and the reputation score is automatically adjusted so that the site is no longer viewed as being malicious in nature.

                 

                The problem isn't always with the site you are trying to visit, but with another site located on the same web server or with some content being used by the site which is being hosted by a third party. At the end of the day, the reputation filtering is designed to protect you from threats, and sometimes this may mean that you are told that the web site you are trying to visit is potentially malicious. If the connection is being blocked by Firewall Enterprise, then an exception entry can be added. However, the decision has to be taken whether accessing this site is more important than protecting you from the nastiness of the Internet in general.

                 

                The web site http://www.trustedsource.org can be used to check site categorization and reputation scoring. If what you are seeing is a standard SmartFilter block message (based on a web category) you can use this site to submit a request for a web site to be re-categorized (http://www.trustedsource.org/en/feedback/url).

                 

                Hope that helps.

                 

                -Phil.

                • 5. Re: SmartFilter Claims a Website is Malicious When It Isn't -- How to Correct it?
                  Travler

                  PhilM wrote:

                   

                  The problem isn't always with the site you are trying to visit, but with another site located on the same web server...


                  As I understand it (from troubleshooting a McAfee Web Gateway issue), if the URL you're trying to access is "uncategorized", then McAfee will revert to searching for the IP address of that URL. If, like Phil writes, this URL shares an IP address with other URLs, then McAfee errs on the side of caution, which results in the "uncategorized" URL receiving the category of any 'bad' URL that also happens to be using that same IP address. So, if your company blocks URLs that are in this category, the only way around this would be to do like Phil suggests and submit a request on the trustedsource.org website, or plead your case to your company's IT dept. to add an exception for the URL you're trying to access.