So there is this news web site in Portland, OR called www.wweek.com (Willamette Week) and as you can see here Application Control sees this site as an application that has been categorized as high risk. Of course, we block this application category, but is it really an application?
Application: wweek.com
Category: High Risk
Well let me take a look at my list of 7885 applications in R80.10 manager - NO, it is not there. OK, so that is one discrepancy, next I say 'how did they get categorized as 'High Risk'? I go to my trusty Checkpoint categorization/url filtering web site and I find they are in News/Media. Now I go to my blocked categories group and look there but I do not find this category in that custom group that I have blocked. Still digging now I go to Smart Logs and apply this filter 'app_category:"News / Media", run the query and walla! I find a collection of blocked 'News/Media' traffic on both port 80 and 443 including BBC - really! but no wweek.com in the last month (really, again). OK, now I'm really digging deep and looking into 'Additional Categories' and I find Phishing,News / Media,High Risk,URL Filtering. OK, now I am checking a half dozen blacklist sources to try to discover how/why this site is classified as High risk. I cannot figure this out, HELP!
For http://wweek.com
Categories: News / Media