Knowledge Center

Explanation of Global Threat Intelligence Site Ratings for Endpoint Security and SiteAdvisor Enterprise
Technical Articles ID:   KB53369
Last Modified:  6/26/2019


McAfee Endpoint Security Web Control 10.x
McAfee SiteAdvisor Enterprise 3.5


What is a Site Rating?
The Site Rating is the McAfee opinion of a website's reputation. The Site Rating is based on several attributes that McAfee believes provide the best indication of a site's reputation over time. These attributes include suspect downloads, browser exploits, number of email messages sent by the site, affiliations with other sites, and pop-ups.

McAfee uses proprietary data collection and analysis techniques to visit sites and gather information about a website's behavior. As explained below, results from the data collection process for each site are posted on the site's dossier page.

The Site Rating reflects how McAfee interprets the collected data. The Site Rating lets you know whether there are potential issues before and during your visit to a website. The Site Rating is especially useful for you when are considering visits to unfamiliar sites.

Why is a site rated red?
Sites are rated red if any of the following conditions exist:
  • If the site poses especially hazardous risks to your computer security
  • If there is an exceptional number of annoying behaviors
  • If there is exceptional information that McAfee believes users would want to be aware of before or during a visit to that site
Behavior that typically leads to a red Site Rating include:
  • A known malicious exploit or phishing site
  • A site that makes unrequested or unexpected system changes
  • A site that hosts malware for download

Sites might also be rated red in the following situations:

  • If McAfee receives a large or unexpected volume of email to the unique email address that McAfee submitted to that site
  • If the email that McAfee received exhibited characteristics consistent with spam email as determined by an automated scanning program.
  • If certain types of linking behavior occur with other red sites
  • If McAfee finds a site that engages in activities that McAfee believes could be misleading

Why is a site rated yellow?
Sites are rated yellow when the site exhibits behavior or has a history of behavior that McAfee believes users would want to be aware of. But, for yellow sites these factors are not as severe as they are for red sites, or there are other mitigating factors that weigh in favor of a yellow rather than a red rating.

Why is a site rated gray?
Sites are rated gray if McAfee has either no evidence or is collecting evidence about a site. If you would like your site to be tested, submit your request on the feedback form at http://TrustedSource.org.

Site Dossiers
Aside from behavioral aspects of a site, such as pop-ups and spam, McAfee presents certain details about a dossier page for each site that is tested. You can view these dossiers at http://TrustedSource.org. Dossiers typically list a sampling of specific downloads found on the site, whether those downloads are classified as malware, and how they are rated. Dossiers also include a sampling of headers from email received at the email address submitted to the site, and how the email scored for spam-like behavior (their "spamminess"). Also, the dossier provides a sample of links to other sites and indicates the Site Rating for those sites.

Further comments or information about a Site Rating can also be included in the Staff Comment section. There is always a section where you can provide your own comments and insight regarding your experience with the site. Site owners can also provide comments in the website owner section.

Specific attributes used for Site Ratings
McAfee evaluates the following attributes of a site. While reviewing attributes that affect these areas, McAfee performs specific tests to gather information regarding these attributes. The red, yellow, and gray scores are computed from the outcome of these tests.

  • Browser Exploits
    McAfee performs tests using proprietary behavioral automation tools to detect exploit presence on a site. An exploit is any content that forces a web browser to perform operations that you do not explicitly intend.
  • Links (online affiliations)
    McAfee performs a statistical analysis on the URL links that join one site to another. Depending on a set of statistical rules, McAfee can determine that a site is unofficially affiliated with another site and is effectively directing the latter's traffic.
  • Downloads
    To look for malware, McAfee performs tests on the binaries hosted and directly linked on a site. If malware is present, it is classified according to the McAfee Anti-Virus Scanning Engine. Ratings are also based on program behavior. This classification is scored accordingly, and McAfee performs statistical operations to determine a site's rating.
  • Email practices
    Received mail
     - McAfee first enters a valid, unique email address into a site's registration form. McAfee then measures any mail that is received at this unique address. McAfee then scores the site according to the quantity of mail received and the "spamminess" of the email. A statistical analysis of this collected data helps McAfee determine the score.

    Unsubscribe - If McAfee receives email at an address submitted to a site, McAfee tries to unsubscribe. If unsubscribing is not successful after several tries, the site is rated accordingly.

    Posting email addresses - McAfee enters a unique set of valid personal contact information into the registration form on the website. McAfee then sees whether that email is posted on the Internet in its unaltered form. McAfee also measures whether the posting results in our receiving spam from this data.
  • Annoyances
    - McAfee records how many pop-ups occur when each site to be tested is visited. McAfee performs a statistical analysis to appropriately rate this area of the tests.

    Browser change requests - McAfee also monitors prompts to change a browser's home and search page settings when visiting a site.
  • Commerce
    - McAfee uses proprietary real-time antiphishing content to provide you with phishing protection.

    Scam - McAfee establishes objective tests and a series of control groups and the scope of the intended tests. Evidence is collected from a set of established tests, and sites are rated accordingly.

Previous Document ID


Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.