Baldrick (who has an icon with long hair... :D) gave a great explanation on this topic but this is a bit different.
I am confused about why Webroot would block me from opening a webpabe with a BrightCloud reputation of 92 or 96 that is well visited and established.
From google search, three URL's are involved which will be called Link # later in this post.
1. The link found:
forums.creativecow.net/thread/30/866686
2. Google Cache
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&uact=8&ved=0CGwQIDAG&url=http%3A%2F%2Fwebcache.googleusercontent.com%2Fsearch%3Fq%3Dcache%3ApLlIm6LuZpQJ%3Aforums.creativecow.net%2Fthread%2F30%2F866686%2B%26cd%3D7%26hl%3Den%26ct%3Dclnk%26gl%3Dus&ei=zTD0U9bqLMidygTl7ICwCw&usg=AFQjCNGW6CbWydbmVfFluFd4mIlJi2SilA&bvm=bv.73231344,d.aWw
3. The blocked, unsafe link as reported. It begins with the http%3a%... in link 2 which translates to:
http://webcache.googleusercontent.com/search?q=cache:pLlIm6LuZpQJ:forums.creativecow.net/thread/30/866686+&cd=7&hl=en&ct=clnk&gl=us&ei=zTD0U9bqLMidygTl7ICwCw&usg=AFQjCNGW6CbWydbmVfFluFd4mIlJi2SilA&bvm=bv.73231344,d.aWw
So,the Google Cache (link 2) is opened and Webroot blocks me with this message.
Webroot Blocked Navigation.
This website has been reported as unsafe
<link 2> is listed
So, off to BrightCloud URL/IP lookup. Here are the results
LInk 1: Reputation 96, infections past 12 months: no, Popularity: medium, Age 55 months (establish)
Link 2: Reputation 92, infections past 12 months: no, Popularity: high, Age 99 months (establish)
Link 3: Reputation 92, infections past 12 months: no, Popularity: high, Age 31 months (establish)
Ok, enlighten me!
Page 1 / 1
I just checked the links you provided and none were blocked, which would be consistent with the Brightcloud reputations. We would need to see your logs in order to determine what may be causing this.
Thanks,
-Dan
DanP,
Thanks. A support case has been opened with the same subject; category "other", and containing your name. WSALogs will follow shortly.
Curiosly, While Webroot blocked the website twice last night, it is not being blocked this morning. Hey, I don't have time to make this stuff up! 😃
Thanks. A support case has been opened with the same subject; category "other", and containing your name. WSALogs will follow shortly.
Curiosly, While Webroot blocked the website twice last night, it is not being blocked this morning. Hey, I don't have time to make this stuff up! 😃
I replied to your ticket. From what I'm seeing it appears that the BrightCloud reputation was updated between the time you saw the blocks last night and when you accessed them this morning.@ wrote:
DanP,
Thanks. A support case has been opened with the same subject; category "other", and containing your name. WSALogs will follow shortly.
Curiosly, While Webroot blocked the website twice last night, it is not being blocked this morning. Hey, I don't have time to make this stuff up! :D
-Dan
Hi Dan
Hope that you are well?
I am sure that I have asked this before (and that you have most probably replied already)...but I forget. When one cllicks to bypass the Web Threat Sheild block on a web site, it only affected the client on which the block is bypassed, right? There is no feed back to the Cloud that this has happened, which could then be taken into account re. the reputation statistcis for a site?
Reason I ask is that if there was something like that it might be a good way of Webroot picking up when a reputation was...how may I put it politely?...not up to scratch?
Just a thought.
Regards
Baldrick
Hope that you are well?
I am sure that I have asked this before (and that you have most probably replied already)...but I forget. When one cllicks to bypass the Web Threat Sheild block on a web site, it only affected the client on which the block is bypassed, right? There is no feed back to the Cloud that this has happened, which could then be taken into account re. the reputation statistcis for a site?
Reason I ask is that if there was something like that it might be a good way of Webroot picking up when a reputation was...how may I put it politely?...not up to scratch?
Just a thought.
Regards
Baldrick
@ wrote:
Hi Dan
Hope that you are well?
I am sure that I have asked this before (and that you have most probably replied already)...but I forget. When one cllicks to bypass the Web Threat Sheild block on a web site, it only affected the client on which the block is bypassed, right? There is no feed back to the Cloud that this has happened, which could then be taken into account re. the reputation statistcis for a site?
Reason I ask is that if there was something like that it might be a good way of Webroot picking up when a reputation was...how may I put it politely?...not up to scratch?
Just a thought.
Regards
Baldrick
You are correct, the override is only on the affected client.
I don't personally receive any reports on BrightCloud URL overrides or have access to that data.
-Dan
Hi Dan
Thanks for the reply. Do you think such a feature would be a useful addition to the Webroot arsenal...or a hindrance?
Cheers
Baldrick
Thanks for the reply. Do you think such a feature would be a useful addition to the Webroot arsenal...or a hindrance?
Cheers
Baldrick
Bakdrick,
Just in case it matters, I did not and would not bypass (click the unblock button) a blocked website. if I'm gonna trust WSA then I'm gonna trust it. Of course, I want to understand it and you really helped with a similar question.
The only reason the website was tried again today was to respond to DanP's response. I was shocked. 🙂
Just in case it matters, I did not and would not bypass (click the unblock button) a blocked website. if I'm gonna trust WSA then I'm gonna trust it. Of course, I want to understand it and you really helped with a similar question.
The only reason the website was tried again today was to respond to DanP's response. I was shocked. 🙂
I know you were not asking me but... , "Do you think such a feature would be a useful addition to the Webroot arsenal...or a hindrance?"
People may be clicking through BECAUSE the website is dangerous. Testing protections, verifying THEIR website is working by infecting vistors. Falling asleep and clicking the wrong button.
People may be clicking through BECAUSE the website is dangerous. Testing protections, verifying THEIR website is working by infecting vistors. Falling asleep and clicking the wrong button.
Hi ExpertNovice
I do understand where you are coming from...and it is each user's choice. Given that Brightcloud is sometimes 'behind the times' re. reputation if the site that is being blocked is known to me then I do unblock locally. If however the site is not well known to me then I do follow the cautious approach...as it is the safest.
Regards
Baldrick
I do understand where you are coming from...and it is each user's choice. Given that Brightcloud is sometimes 'behind the times' re. reputation if the site that is being blocked is known to me then I do unblock locally. If however the site is not well known to me then I do follow the cautious approach...as it is the safest.
Regards
Baldrick
DanP,
Thanks. The case was updated, but in case this thread helps others better their understaning, this was my follow up question. Oh, it has been modified but can't update the support post, black text is the updated portion.
My question, is why would a website known for 31-99 months, with medium to high popularity, and 92-96 reputation have been too dangerous 20-45 minutes earlier. so dangerous it was blocked but within 20-45 minutes have such a high ranking. If it were a new website that would make sense but after 3 to 9 years it is unlikely to have become unblocked been rerated from unsafe to safe at that exact time! :D
I'm interested in the timing and reasoning. These are made up times as 15 minutes could easily be 45. I was not watching the clock.
1. got blocked from google cached website
2. within 2 minutes checked the reputation for both the primary and google cached website.
3. within 10-15 minutes noticed the blocked website was neither of the above, reconstructed (eg changed %20 to space) and checked its reputation.
4. documented and opened case.
Thanks. The case was updated, but in case this thread helps others better their understaning, this was my follow up question. Oh, it has been modified but can't update the support post, black text is the updated portion.
My question, is why would a website known for 31-99 months, with medium to high popularity, and 92-96 reputation have been too dangerous 20-45 minutes earlier. so dangerous it was blocked but within 20-45 minutes have such a high ranking. If it were a new website that would make sense but after 3 to 9 years it is unlikely to have become unblocked been rerated from unsafe to safe at that exact time! :D
I'm interested in the timing and reasoning. These are made up times as 15 minutes could easily be 45. I was not watching the clock.
1. got blocked from google cached website
2. within 2 minutes checked the reputation for both the primary and google cached website.
3. within 10-15 minutes noticed the blocked website was neither of the above, reconstructed (eg changed %20 to space) and checked its reputation.
4. documented and opened case.
Hi ExpertNovice
I may not have asked you...but your view is most welcome...and I see where you are coming from. I am just intrigued as to whether the collection of such statistics would help Brightcloud spot sites that need to be investigated more closely becuase of a large number of local overrides...might also indicate that there is an issue with reputation, etc.
Just a thought...;)
Regards
Baldrick
I may not have asked you...but your view is most welcome...and I see where you are coming from. I am just intrigued as to whether the collection of such statistics would help Brightcloud spot sites that need to be investigated more closely becuase of a large number of local overrides...might also indicate that there is an issue with reputation, etc.
Just a thought...;)
Regards
Baldrick
good point!
That kind of data is absolutely benneficial, and I've wanted access to it for some time now. Since I don't have access to that data, I can't really comment further on that.@ wrote:
Hi Dan
Thanks for the reply. Do you think such a feature would be a useful addition to the Webroot arsenal...or a hindrance?
Cheers
Baldrick
-Dan
I'll have to check with the BrightCloud folks on this one.@ wrote:
DanP,
Thanks. The case was updated, but in case this thread helps others better their understaning, this was my follow up question. Oh, it has been modified but can't update the support post, black text is the updated portion.
My question, is why would a website known for 31-99 months, with medium to high popularity, and 92-96 reputation have been too dangerous 20-45 minutes earlier. so dangerous it was blocked but within 20-45 minutes have such a high ranking. If it were a new website that would make sense but after 3 to 9 years it is unlikely to have become unblocked been rerated from unsafe to safe at that exact time! :D
I'm interested in the timing and reasoning. These are made up times as 15 minutes could easily be 45. I was not watching the clock.
1. got blocked from google cached website
2. within 2 minutes checked the reputation for both the primary and google cached website.
3. within 10-15 minutes noticed the blocked website was neither of the above, reconstructed (eg changed %20 to space) and checked its reputation.
4. documented and opened case.
-Dan
Ah ha, Dan
Methinks I am going to have to construct an new featire request in the Ideas Exchange...re. this one...;)
Regards
Baldrick
Methinks I am going to have to construct an new featire request in the Ideas Exchange...re. this one...;)
Regards
Baldrick
I just wanted to follow up on this one. That data is collected in order to improve the reputation system.@ wrote:
Hi Dan
Hope that you are well?
I am sure that I have asked this before (and that you have most probably replied already)...but I forget. When one cllicks to bypass the Web Threat Sheild block on a web site, it only affected the client on which the block is bypassed, right? There is no feed back to the Cloud that this has happened, which could then be taken into account re. the reputation statistcis for a site?
Reason I ask is that if there was something like that it might be a good way of Webroot picking up when a reputation was...how may I put it politely?...not up to scratch?
Just a thought.
Regards
Baldrick
-Dan
Hi Dan
Ok, good to know...thanks for coming back on that one.
Have a great weekend.
Regards
Baldrick
Ok, good to know...thanks for coming back on that one.
Have a great weekend.
Regards
Baldrick
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.