I used to visit www.bakingbites.com almost daily with no problems, but early this year (2014) Webroot suddenly began blocking it as Suspicious. Just checked it with BrightCloud, which shows that the site had 2 infections within 12 months; I'm assuming this is what put the site into the "Suspicious" category. No details are given as to how long ago the most recent infection was, and so I'm wondering how much longer the site has to remain infection-free before Webroot/BrightCloud will lift the "blockade", lol. Is there any way to find this out?
Also on the same subject, would the site automatically be moved up to the next safer category once a certain amount of time has expired since the last 'problem'? Or does the site owner have to specifically request a re-evaluation?
I am curious because I recently asked a few people who are using a different security product to try to visit the site and none of them were blocked. Also checked it myself on URLvoid.com which gave it a clean bill of health. So now I'm starting to wonder if the classification is justified, or if the other products/blacklist engines are simply not being careful enough, LOL
Page 1 / 1
Hi gardener
Welcome to the Community Forums.
A very good question, if I may say, and one that I would be interested in hearing the answer to.
Perhaps@ one of Webroot's excellent Threat Researchers can answer this question for us/provide the requested information?
Regards, Baldrick
Welcome to the Community Forums.
A very good question, if I may say, and one that I would be interested in hearing the answer to.
Perhaps
Regards, Baldrick
I'll ping one of the Brightcloud folks and see if I can find out the answer for you. People are out for the holidays so it might not be instant, but I'll let you know what I find out.
Hi Nic
Thanks, as always...much appreciated. I am awaiting the answer with great interest.
Regards, Baldrick
Thanks, as always...much appreciated. I am awaiting the answer with great interest.
Regards, Baldrick
Thanks everyone, I do realize it's a holiday weekend/week and it may take some extra time to find the answers. :-) Hope everyone had a "merry"!
Just as an FYI/update: Since there had been no further responses to my original question, I contacted BrightCloud directly via their website with the same question. I received a reply via email within 24 hours, on Jan 8th, saying that a request for a re-evaluatiion would be forwarded to their site review team; I just checked via going directly to the bakingbites site and found that the block has been lifted. 🙂 Thanks, BrightCloud! However, I still do not know if BrightCloud has a set schedule for re-evaluating and/or reclassifying sites. It may simply be that once a site has been flagged or blocked, it remains that way until or unless someone (either the site owner or a potential site user) contacts BrightCloud with a re-eval request. Of course, this presupposes that the site owner has been made aware that Webroot is blocking them. It's particularly problematic when other AV suites are not blocking the site, but BrightCloud is. A user would need to ask someone who is using a different (non-blocking) security product to contact the site owner and give them a heads-up.
See this: http://www.brightcloud.com/pdf/BCSS-WRS-DS-us-021814-F.pdf
The BrightCloud Web Reputation Service is powered by the Webroot
Intelligence Network (WIN). Through cloud-based analytics and the most
advanced machine learning in the industry, WIN has classified over 13
billion URLs to date. Through the power of WIN, intelligence on new and
known sites is continuously created and refreshed, ensuring that reputation
scores are always as current as possible. Any time a user visits an
uncategorized site, the site is dynamically crawled and scored and each
website’s score, known as the BrightCloud Web Reputation Index (WRI), is
checked and adjusted over time.
Also you can submit change reqests here: http://www.brightcloud.com/tools/change-request-url-categorization.php
Hi gardner
That is very interesting information. But another way of notifying BrightCloud of a potential false positive/need to reclassify a site is that when you are blocked locally from entering it, and you know that it is safe, then you can click the 'Unblock and proceed' button on the WSA blocking web page and not only will that whitelist the site locally for you for the future but it will also notify BrightCloud of the local override and as I understand it these are also picked up and used to trigger re-evaluatios of the sites reputation.
Hope that is of assistance?
Regards, Baldrick
That is very interesting information. But another way of notifying BrightCloud of a potential false positive/need to reclassify a site is that when you are blocked locally from entering it, and you know that it is safe, then you can click the 'Unblock and proceed' button on the WSA blocking web page and not only will that whitelist the site locally for you for the future but it will also notify BrightCloud of the local override and as I understand it these are also picked up and used to trigger re-evaluatios of the sites reputation.
Hope that is of assistance?
Regards, Baldrick
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.