This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security sites blocked for being a security risk

I do a lot of security research and development for my company. A part of this is visiting various security sites, one fo which is securityfocus.com.

This site was fine until a week or so ago .. and now it is being flagged as being a security risk due to viruses, worms and malware being found on the site. It infact has the raw code for these things that someone like me would to produce rules for IPS/IDS etc.

Is there any way of reclassifying the site (I have added it to the local site list but it doesn't seem to have done anything)

This thread was automatically locked due to age.

0 jak over 12 years ago
Hi,

What is the site being detected as:

"High Risk Website Blocked "

Location: securityfocus.com

BLOCK_RISK

19

Access has been blocked as the threat Mal/HTMLGen-A has been found on this website.

Return to the page you were previously viewing.

Or is web control blocking it due to it being of category "Hacking"?

It would be detected primarily as "High Risk Website Blocked " I would think but if you authorise the address securityfocus.com under "Authorization" in SAV or via the SAV policy, it may then go onto be picked up by Web control as a hacking site. You would then need to adjust the categorisation or the action to allow it.

I guess asking, where is this being classified, on a web appliance or at the endpoint, with version 10 of SAV?

Regards,

Jak
:20131
Cancel
Vote Up 0 Vote Down

Cancel
0 TomA over 12 years ago

Hi Ash_d,
The current categorization of securityfocus.com from SophosLabs is 'Blogs & Forums' and the risk-class is 'Low'. Is it a particular page being blocked, or does it seem that the whole domain is blocked?
If you could send the message from the block page we should be able to help further.
Thanks,
Tom.
:20187
Cancel
Vote Up 0 Vote Down

Cancel