Hi vadim ,
After all that was posted here, your input was just confusing ... "more than ever" as they use to say here
I am sure that some advanced users will get some sense out of it
,... but it would be highly appreciated if you would clarify what that suppose to mean to the "ordinary user"
I hope that Comodo will not deploy this kinda blurry answers ... getting to be a pattern here lately... unfortunately
I've posted a comment to a question about one of report. I am sorry if it's not an understandable.
So, I try to explain this question in other words.
SI uses a different mechanisms and sources for detection of malicious web-pages. In some cases SI can identify malicious activity exactly ("High Risk" reports), but in the other cases not exactly ("Medium Risk" reports).
For example, some web-page returns dangerous code, but not for each user requests, only for some of them (e.g. selected by geo-zone). When SI scans such page it can get redirect to other page ("Inconclusive" report) or get safe web-content ("Safe" report). But SI also uses different black lists and if this web-page was found in there SI generate "Medium Risk" report.
SI in the current version, detection mechanisms can detect the several URL statuses, based on the different results:
- Inaccessible - URL is inaccessible.
- Redirected - URL is redirected to another domain.
- Unavailable - requested page is not available.
- Safe - no malicious code, files or activity detected.
- Medium risk:
- Suspicious - the page performs actions that are unusual.
- Hosts Malware - the page hosts malware files.
- Blacklisted - the page has been blacklisted.
- Suspicious IP match - the page are hosted on the unsafe IP.
- High risk:
- Malicious - the page contains an active exploit which tries to infect the users computer or dangerous scripts that may attack a browser.
- Malware file - direct link to malware file.