This article applies to:
- Trustwave MailMarshal (SEG)
- Blended Threats service
Question:
- What do users see when the Blended Threats service blocks browsing to a URL?
- What do users see when the Blended Threats scan determines that a URL is safe?
Reply:
When Trustwave SEG processes a message using the Blended Threats function, URLs in the message subject and body are updated so that the URL content can be scanned in real time.
When the user clicks a rewritten URL, the Blended Threats server evaluates the page using several validation methods, potentially including a live scan of page behavior.
-
While the evaluation is in progress, the user may see a "Scanning - Please Wait" notice.
-
Once evaluation is complete, if no threats are found the user will be notified and redirected to the original site.
-
The service caches results for a short period. If the target page was very recently checked and no threats were found, the user will immediately be notified and redirected to the original site.
Caution: Even if no threats are found, users should always take due care, particularly if the site requests credentials or personal information.
If the content is blocked the user will see a result similar to the below image. Detailed information varies depending on the specific functionality that returned the result.
In some cases the scan notes a page as suspicious, but with lower confidence. In these cases the validator page presents a warning, but allows click-through to the original site.
