Solved

Webroot SA blocking my high reputation website

  • 15 September 2016

Hi there, I'm a little confused about something and hoping the experienced folks on here can help me out. I'm going to put as much information as I can down, so it might be quite lengthy - apologies in advance!
 
So I look after a web server with many websites on it. One is my company's main site, which has a very high reputation (96), and there are several others that we maintain, either for different locales or for a variety of customers. 
 
So, I had a report (including a screenshot) from a customer saying one of the sites they were trying to access was blocked by Webroot SecureAnywhere. I have done a test using http://www.brightcloud.com/tools/url-ip-lookup.php and the reputation of this site is 88, as can be seen below (edited the screen to take the map out).
 
 
So my first question is why this site is blocked by your service? I'd like to know if there's anything we need to do or improve, but from these results I'm not sure how to go about it.
 
Now, as I said, there are a lot of sites on this same server, the reputations of which vary. There are one or two that have a lower reputation (the worst of which is belzona.jp, our Japanese language corporate site, which only has a reputation of 50 but I'm not sure why) and several sites that I host for customers which have low 'Popularity' rankings but no other negatives.
 
Yet, despite this, if I do a check against the IP address of the web server, I get a Reputation score of 40 and a status of 'Suspicious'. Even though the worst rating of any site I can find on there is 50 and the vast majority are 80+.
 
Does anyone have any idea why or for what reason my IP might have this issue and whether there's anything I can do about it? 
 
I know there's the IP Reputation Change Request (https://www.brightcloud.com/tools/change-request-ip-reputation.php) but I don't want to submit to this without first understanding if there's something I need to change or do in order to secure the better reputation.
 
Thanks for reading and for any help that anyone can give, it will be greatly appreciated.
 
-Rodger

Best answer by RetiredTripleHelix 15 September 2016, 20:11

Hello and Welcome to the Webroot Community!
 
May I ask which Operating System you are using?
 
We Beta Testers are using the Web Filter Extension with a Web Filter Driver, so this Web Page is safe and you can click allow to go to the site. Now, if you are using Windows 10, try that Web Page using Microsoft Edge and it will show fine, as the Driver is only active for all users of Windows 10 for the Edge Browser. At some point in the near future Webroot will activate the Driver for all OS's and users, but for now IE, Firefox, Chrome and Safari are only supported with the Web Filter Extension, so it will show that site as bad, but it is safe, so just allow to get there!
 
http://www.rumfordgroup.com/
 
Thanks,
 
Daniel ;)
 
See here: for us Beta Testers it shows Safe, so you're fine to go there!
 
 
 
Hi Daniel, I really appreciate the reply, thank you.
 
I'm intrigued to know more about the Web Filter Extension and why the site would be flagged on all 'mainstream' browsers for non-beta users? It's not myself trying to access the site, it's one of our customers, so I'm not sure about the browser or OS they're using.
 
I know that this particular site (rumfordgroup.com) is safe... it's my site (well, my team's!), but I'm still intrigued to know if there's anything that could be causing this false positive on our customers' computers when trying to access it?
 
Is it likely to be related to the reputation of the IP and, if so, is there any way to investigate what is causing the low reputation of the IP address (despite none of its hosted domains having such a low reputation) and whether there's anything I need to do on our server before submitting a reputation change request?
 
Thanks so much for your time in helping us out,
-Rodger
Hello Rodger,
 
It's still in the Beta stage and the Driver will add to the Extensions and make things more accurate in the future as the Webroot BrightCloud Threat Intelligence Network is always being upgraded and updated all the time.
 

 
HTH,
 
Daniel 😉
I really appreciate the responses, thanks Daniel, but I'm not sure I'd consider this issue 'solved'.
 
I understand that the site may be blocked because of a beta version of the Webroot SA programme (although that doesn't answer whether there's anything I can do about it and the reasons as to why the beta version is picking it up), but the other part of my question still stands:
 
For what reason does my IP address hold such a low reputation when none of the sites hosted on the server have such a low reputation and is there anything I should do about it other than submitting a change request? 
 
Thanks again for your help.
