Uncle Ben told Peter Parker “With great power comes great responsibility”. With TMG Reporter and Webspy Vantage you gain total visibility of what your users are up to. This allows you to make informed decisions that can be backed up with hard data.
One great feature of Forefront TMG is URL filtering. Simply put, it knows which sites belong to which category and based on your rules, allows or denies access. Forefront TMG and other products use Microsoft Reputation Services to lookup the site category.
This is a great system as it relies on centralized / partnered and crowd sourced data to populate and keep the lists up to date. Having said that, it is not perfect and some sites do slip through the cracks especially new or small sites.
Fortunately, TMG Reporter can help you find any site that has not been categorized by Forefront TMG’s URL Filtering service. You can then use this information to manually override the site and assign it to the correct category, but you can also submit the site to Microsoft Reputation Services (MRS), so everyone can benefit from your discovery!
I was going through a daily report and saw that the bulk for the top user came from a single site. By simply doing a mouse-over I could see what site it was. Looking up the site it became clear that this was a remote proxy site. This kind of site should normally be categorized as Anonimizers. Looking up the site in Forefront TMG did not identify the site at all.
Finding Uncategorized Sites
You can easily find all sites that have not been categorized by Forefront TMG. Simply run an Overview Report, click the Filters button, and enter the filter “Category Equal to Unknown”. You may also like to add the filter “Action Equal to Allowed”, to find any allowed uncategorized sites.
Click Run Report, and then go to the Top Sites by Size section of the report. Here you’ll see all the sites that Forefront TMG has not been able to categorize.
Categorizing Sites Correctly
Once you have identified an uncategorized site, the first thing to do is manually override the site category. This is done in Forefront TMG as Fastvue TMG Reporter simply uses the logged URL category to determine a site’s productivity.
Secondly (and this is the part where you can make the world a better place), do the right thing and submit the site to Microsoft Reputation Services. This way, your discovery can also benefit other users of the service!
Manually Overriding the site in Forefront TMG
- Open the TMG Management console
- Select Web Access Policy
- Check that the Tasks tab is selected in the right hand pane
- Click Query for URL Category
- Enter in the URL and click the Query button
- This should confirm the site has not been categorised by MRS (you can see this in the description)
- Click the URL Category Override tab
- Click the Add button
- Enter the URL
- Select the correct category
- Click OK
- Apply the setting and wait for the configuration to sync
Submitting the site to Microsoft Reputation Services (MRS)
Click this link https://www.microsoft.com/security/portal/mrs/default.aspx or click the link at the bottom of the URL query screen to go the the Microsoft Reputation Services page.
- Enter the URL you have discovered and click the Get Categories button
- You will notice the current categories section says:
“The URL you provided was not found. You may still provide feedback by suggesting up to five (5) categories”
- Now it is simple a case of selecting the correct Category from the list (in this case Anonimizers)
- Solve the CAPTCHA
- Click Submit Report
That’s it! As you can see it take no more than a few seconds to submit a site for categorizing. This is where the great power and responsibility lines comes in. Fastvue TMG Reporter and WebSpy Vantage give you the information, it’s up to you to decide what to do with it!