To Customer Support To Customer Support
Solved

Web Shield vs Website has been reported as unsafe

  • 20 December 2013
  • 12 replies
  • 170 views
E
Rank
Userlevel 5
Badge +22
Googled "excel vba how to replace part of a string" and was enticed by a "Re: How to replace ampersand charater..." thread.  While I normally use the google cache for certain sites and  unknown sites, I became sloppy due to the big Green Circle with White Checkmark.
 
Webroot then popped up a "This website has been reported as unsafe" which read as follows
=========================================
<URL>
 
We recommend that you don't continue to this website because it has been reported to contain the following threats:
Suspicious threat:
This is a suspicious site.  There is a higher than average probability that you will be exposed to maliciious links or payloads.
=========================================
 
 
Now, the link in Google has an exclamation instead of checkmark.
 
Am I correct in thinking the "green checkmark" simply meant the page itself was either safe or not previously reported but the next popup either determined the page was unsafe or that links on the page were not safe.
 
Elaboration is always good... well, almost.  :D
 
 
 
icon

Best answer by Baldrick 20 December 2013, 19:59

View original

12 replies

RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Hello nice to see you again here is a chart of what the Web Shield determinations when doing searches: http://www.webroot.com/customerSupport/repchangerequest.php
 
Also if you feel that Website it good just fill in the form above!
 
Cheers,
 
Daniel
Baldrick
Rank
Userlevel 7
Hi ExpertNovice
 
From what I understand that there are a number of factors that can influence the allocation of the rating and it is possible that initially someone or some people flagged it as good via the Webroot's URL Reputation Change Request page (click here) or as you say the initial Webroot rating is 'good'.  Or the initial rating by Webroot is 'bad' but before you get to the site other users  encounter it, and get the message that says Webroot has detected that the site might have something on it. They then hit allow to go to the site anyway. When this happens WSA will give it a good reputation based off of that.
 
However, what is there to prevent concerted effort by nefarious persons to get bad site effectively whitelisted/listed as reputable, by click 'Allow', etc.?
 
Apparently, and I am quoting  @ from Webroot, "the way it works is thus. Say we all go to a site that Webroot says is bad, we all know that it is a good site and we tell webroot to allow it. This is added to what Brightcloud knows about the site. Our tech guys then look at all the information about the site, from us and other ppl that use the site. The also look at the site them selves. As long as everything about it looks good they then give it a good rep. So there is more to the process then just you saying that it is a good site."
 
Take a look at the URL Reputation Change Request page and I think that you will understand the above...if I have not completely confused by a rambling reply.
 
Update: One thing to note is that at present the quickerst way to notify Webroot of site's reputation is via the URL Reputation Change Request page.  Whilst clicking 'Allow' on the WSA prompt will work but take longer.  But there are apparently plans to improve the speed of the latter mechanism...but not currently. 
 
Regards
 
 
Baldrick
 
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
E
Rank
Userlevel 5
Badge +22
Baldrick,  Thanks.  Your response was quite helpful!  It explained quite a bit more about how the ratings are applied.
 
Triple, As always, thank you!
 
Interesting:
Initially, the webpagehad a rating of 81+.
Clicked link and Webroot issued the "unsafe" warning dialog.
Closed browser.
Googled again.
Webpage still had an 81+ rating.  (Captured this).
Clicked link again and got the same warning.  (Captured this).
A few  minutes later the webpage had a rating of 21-40.
 
BTW, had I paid attention to the Excel website the Web Shield rating would have been ignored and I would have used the Google Cache for the information.  That website used to be good but, at some point, became "bad".  Over the past year that is one of three websites that have resulted in a file being quarantined.  (It helps that I only purposely visit "legitimate" websites...)
Baldrick
Rank
Userlevel 7
Hi ExpertNovice
 
Happy that helped.  Have to admit that I credited the wrong Shawn...it should have been @ (my humble apologies Shawn 😳 ...and to you too @  ).
 
We are obviously all learning as the feature is new...but that is part of the fun.  Keep posting on this if you discover any more on this topic.  Clearly this is an interesting area, especially after reading what you have posted since. :D
 
Have a great weekend
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
shorTcircuiT
Rank
Userlevel 7
Baldrick, Your above long explanation is not only Kudo worthy, it is ALSO tag worthy to be used as a reference link itself in the future for others who have questions about it.
 
Well done!
Baldrick
Rank
Userlevel 7
David
 
Thanks.  You are too kind. :$
 
It was a collective effort.  I just collated others wisdoms, predominantly Shawn Gould's, who deserves much credit for sharing his knowledge with us here at the forum.
 
This is such a great place to frequent/be part of. 😃
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
shorTcircuiT
Rank
Userlevel 7
@ wrote:
David
 
Thanks.  You are too kind. :$
 
It was a collective effort.  I just collated others wisdoms, predominantly Shawn Gould's, who deserves much credit for sharing his knowledge with us here at the forum.
 
This is such a great place to frequent/be part of. :D
That is exactly what makes it such a great reply IMHO.
 
🙂
ShawnGould
Userlevel 4
I need to change this just a bit. If you are wanting to get a good rating for a website in a faster time, then you follow the link provide. By hitting allow when webroot says the site is bad, will work, but takes longer to get there. It is not going to be something that happens right away no matter what way you go, but the brightcloud link is the faster route to take for it.

So the best thing to do, when wanting to get a website reclased is to go to www.brightcloud.com enter the URL and follow the instructions.
Whatever words we utter should be chosen with care for people will hear them and be influenced by them for good or ill. Buddha Online Interaction Specialist
Baldrick
Rank
Userlevel 7
Hi Shawn
 
Thanks for the update.  Duly noted and registered.
 
Regards
 
 
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
R
So if I'm understanding the "reported as unsfafe" function, if a group of people don't like a site's political or religious orientation, all they have to do is get a group of people to report the site as unsafe and it will give the site the unsafe designation.  
 
Does anyone else see the problem with that?
nic
Userlevel 7
Badge +56
@ wrote:
So if I'm understanding the "reported as unsfafe" function, if a group of people don't like a site's political or religious orientation, all they have to do is get a group of people to report the site as unsafe and it will give the site the unsafe designation.  
 
Does anyone else see the problem with that?
The reports are reviewed by Webroot, so it isn't automatically blocked just based on that.
Baldrick
Rank
Userlevel 7
Hi rcraighogan
 
As Nic quite rightly points out reputation derivation is a far more sophisticated process than just listening to what the majority of users say, to prevent precisely what you have asked about.
 
That does not mean to say that Webroot/BrightCloud get it righht all the time...but in the main the way they do is pretty good.
 
Regards, Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.