Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
756
Views
0
Helpful
3
Replies

Advertising on legitimate sites

AdamScott_ironport
Level 1
Level 1

‎09-09-2008 04:09 AM

Hi, we have recently installed a S650 in our organisation and are having trouble with certain legitimate websites who use third party advertising.

One example is www.heraldsun.com.au - because of the advertisment being detected as malware (one of those ad's which display over the top of the content i assume) it throws back a full page block from the wsa.

I have added the url's to the Custom URL Categories on the WSA but it doesnt help as the ad's are usually from places like adserve, etc.

We are at a bit of a loss as to how we can allow our staff to access this newspapers website.

Any help would be appreciated,

Adam

Labels:
0 Helpful
3 Replies 3

jowolfer
Level 1
Level 1

‎09-09-2008 04:12 PM

Adam,

Please verify the URLs that are being blocked, via the access logs. One thing that may be causing trouble is that you might be blocking the 'Advertisements' web category. If this is the case, it is recommended that you set the advertisements to 'monitor' instead of block (for this exact reason).

If the advertisements really contain malware, this is correct behavior. If this is an incorrect policy match, we can figure out what is causing the block by looking into the access logs.

What version of the WSA are you running on?

0 Helpful

AdamScott_ironport
Level 1
Level 1

‎09-17-2008 05:14 AM

Josh,

Model: S650
Version: 5.5.2-030 for Web

I have looked into the BLOCK and this is the error:

(1, MALWARE_GENERAL, BLOCK-MALWARE, , 0x0011f8cf, 1221623970.890, AAAATAAAAAAAAAAAJP8ACP8AAAA=, http://as.starware.com/dp/search?x=wKX1ILEOi+V4Si9t41cP... extremely long code here)


Advertisements are set to monitor, but naturally malware is set to block.

Is there any way around this short of a custom url for starware.com?

Thanks

0 Helpful

jowolfer
Level 1
Level 1

‎09-17-2008 08:01 PM

This domain "as.starware.com" has hit many of the bad reputation metrics and is currently listed as -6.35.

The only way to get around this would be to lower your WBRS block threshold or create a rule to white list the site.

I don't recommend allowing this traffic, since the reputation deems the site untrustworthy. If you lower the block threshold, at least the objects will still be scanned by the anti-malware engines.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents