Posts posted by TheESETuserTHATis

  1. https://myfoodchain.com

    Our users are reporting that when attempting to visit the executive coaching site https://myfoodchain.com/whos-buying, they receive a block due to a threat found: JS/Agent.QMH trojan.

    VirusTotal reports 2/86 security vendors flag the site as possibly containing malware.

    Could you determine if the threat or malicious code is still active on the site?

  2. Our users are trying to access https://sourceone.nazdar.com/ but are getting the message:

    Threat found

    JS/Spy.Banker.KF trojan

    If I run a VirusTotal scan on the address https://www.virustotal.com/gui/url/5ee09f717ea29df9a0d87c1fd884cae447b8f10bd952500faa3456c727106e34/detection it comes up clean with all services except Quttera. But if I go to the Quttera site and run a scan on that address, it comes up clean.

    Can you determine if the threat is still active, and then either unblock them if the threat is not active or let us know specifically the infected file path so that we can contact the site owners to have them remove the threat?

  3. Are you able to see what the issue is with hxxps://macmetalarchitectural.com? If I go to a policy of a machine and go to Settings -> Web and Email -> Web access protection -> URL address management -> Address list -> List of allowed addresses and add it there, then the browser times out when visiting and ESET shows nothing in the logs.

    However, if I visit the site from a Linux machine with an older version of Firefox and without ESET installed, the page loads right away and can be navigated.

  4. How do I find the file? This is all the detection details are telling me; I only see the URI and IP:

    Web protection: An attempt to connect to URL
    Occurred: 2021 Feb 24 13:12:49
    Cause: blocked
    Computer: user.domain.com
    FQDN: user.domain.com
    Last connected time: 2021 Feb 24 15:18:27
    Unresolved detections: 1
    Alerts: No alerts
    Parent group: /All/Policy Implementation Groups/Laptop Computers

    More details

    Hash: 4599E0CDC605AD7BF67B7FD67DD11F611E7AE8ED
    Uniform Resource Identifier (URI): hxxp://macmetalarchitectural.com
    Process name: C:\Program Files\Mozilla Firefox\firefox.exe
    Event: An attempt to connect to URL
    Rule: Blocked by PUA blacklist
    Scanner: HTTP filter
    Target address: 192.99.5.93

  5. Marcos, I am trying to determine how you found embed.js on hxxps://www.dynamitetoolco.com, given that a URL search on VT of hxxps://www.dynamitetoolco.com (but with t's) did not find it.

    And how can I apply the method you used to find it to macmetalarchitectural.com to determine what the threat is on that site, since VT sees nothing with a URL search of macmetalarchitectural.com.

    And if it turns out to be a PUA, but not outright malicious, how do I whitelist it in ESET Security Management Center 7.1?

  6. Our users are stating they can't get to macmetalarchitectural.com and want me to whitelist it. They get: Potentially unwanted content found

    When I enter the address on VT nothing is found.

    When I had a similar issue previously, a VT scan of hxxps://www.dynamitetoolco.com (but with the t's) found nothing, but Marcos was able to find an infected file at hxxps://www.dynamitetoolco.com/pub/static/frontend/Smartwave/porto_child/en_US/embed.js and sent me a screenshot of VT noting that file was infected. But there was no explanation of how that file was located so as to directly scan the file with VT.

    Why would VT not find hxxps://www.dynamitetoolco.com/pub/static/frontend/Smartwave/porto_child/en_US/embed.js during a scan of the address hxxps://www.dynamitetoolco.com?

    How do I find out if something similar (not all files on the site being scanned) is happening at macmetalarchitectural.com? If it turns out to be not a very serious threat, how do I whitelist a page with potentially unwanted content (using ESET Security Management Center 7.1)?
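Posts 5 and 6 above ask the same thing: how a specific script such as embed.js gets found when a VirusTotal search on the site's front-page URL comes back clean. A URL object on VT covers only the URL as submitted; every script or frame the page loads is its own URL and its own file object, so each one has to be enumerated and looked up separately. The script below is an added example written for this thread, not code from the poster, from Marcos or from ESET. It pulls the `<script src>` and `<iframe src>` references out of a page, resolves them to absolute URLs, hashes each body, builds the VT identifiers for the lookups, and flags common obfuscation markers. The page URL, hostnames, paths and script bodies are constructed placeholders, and the fetcher is injected so the example runs offline; for a live site you would pass a real HTTP fetcher (and fetch from an isolated machine, since a blocked page may serve the payload to you as well).

```python
"""Enumerate the sub-resources a page loads, hash them, and build the
VirusTotal identifiers you would look up for each one.

Added example for this thread; not from the forum post or from ESET.
Everything under SAMPLE_* is constructed: placeholder hosts, paths and
script bodies. Nothing is fetched or submitted when run as-is.
"""
import base64
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urljoin


class ScriptCollector(HTMLParser):
    """Collect every <script src=...> and <iframe src=...> the page references."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            for name, value in attrs:
                if name == "src" and value:
                    self.refs.append(value)


def sub_resources(page_url, html):
    """Absolute, de-duplicated URLs of scripts/frames the page pulls in."""
    parser = ScriptCollector()
    parser.feed(html)
    seen, out = set(), []
    for ref in parser.refs:
        absolute = urljoin(page_url, ref)  # handles /path and //host forms
        if absolute not in seen:
            seen.add(absolute)
            out.append(absolute)
    return out


def vt_url_id(url):
    """VirusTotal API v3 URL identifier: unpadded URL-safe base64 of the URL."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def decode_vt_url_id(url_id):
    """Reverse vt_url_id (re-add the base64 padding the API strips)."""
    padded = url_id + "=" * (-len(url_id) % 4)
    return base64.urlsafe_b64decode(padded).decode()


def vt_gui_url_id(url):
    """Identifier used in https://www.virustotal.com/gui/url/<id>: SHA-256 of the URL."""
    return hashlib.sha256(url.encode()).hexdigest()


def file_hashes(data):
    """SHA-1 and SHA-256 of a fetched body, for file-object lookups."""
    return {"sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


# Cheap heuristics for obfuscated loaders; a hit is a reason to look closer,
# not a verdict (minified libraries trip some of these too).
MARKERS = [
    ("eval(", r"\beval\s*\("),
    ("unescape(", r"\bunescape\s*\("),
    ("atob(", r"\batob\s*\("),
    ("fromCharCode", r"String\.fromCharCode"),
    ("document.write(", r"document\.write\s*\("),
    ("long-literal", r"['\"][A-Za-z0-9+/=]{40,}['\"]"),
]


def suspicious_markers(body):
    text = body.decode("utf-8", "replace")
    return [name for name, pat in MARKERS if re.search(pat, text)]


def triage(page_url, html, fetch):
    """fetch(url) -> bytes. Inject a real HTTP fetcher or an offline stub."""
    results = []
    for url in sub_resources(page_url, html):
        body = fetch(url)
        results.append({"url": url, "vt_url_id": vt_url_id(url),
                        "vt_gui_id": vt_gui_url_id(url),
                        **file_hashes(body), "markers": suspicious_markers(body)})
    return results


# ---- constructed sample input (placeholder host, paths and bodies) ----
SAMPLE_PAGE_URL = "https://shop.example/"
SAMPLE_HTML = """<html><head>
<script src="/pub/static/frontend/theme/en_US/embed.js"></script>
<script src="https://cdn.example/jquery.min.js"></script>
<script src="/pub/static/frontend/theme/en_US/embed.js"></script>
</head><body><iframe src="//ads.example/frame.html"></iframe></body></html>"""
SAMPLE_BODIES = {
    "https://shop.example/pub/static/frontend/theme/en_US/embed.js":
        b"var _0x1a=['Y29uc29sZS5sb2coJ2hpJyk='];eval(unescape(atob(_0x1a[0])));",
    "https://cdn.example/jquery.min.js": b"/*! jQuery */ (function(){})();",
    "https://ads.example/frame.html": b"<html></html>",
}


def sample_triage():
    return triage(SAMPLE_PAGE_URL, SAMPLE_HTML, SAMPLE_BODIES.__getitem__)


if __name__ == "__main__":
    for rec in sample_triage():
        print(rec["url"], rec["sha256"], rec["markers"])
```

Each result's `vt_url_id` is what you pass to the v3 `/urls/{id}` endpoint, `vt_gui_id` is the form seen in the GUI links quoted earlier in this thread, and `sha256` is what to search as a file object if the script itself was ever uploaded. The markers only tell you which body to read first; the VT lookups (or an ESET sample submission of that one file) are still what settle whether it is malicious.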

  7. Thanks, is that a virustotal.com result? I don't get those matches (although a bit of time has passed; I don't get the same list of engine sources either). How can we get feedback from ESET other than posting on a public forum for community feedback? If the threat is removed, how do you properly submit for reassessment in a way that allows some form of feedback? Is there a way to whitelist a site on the locally hosted ESET Security Management Center 7.1 that we are using, but keep PUA blocking enabled other than for the site?

  8. Our purchasing department is trying to purchase from https://www.dynamitetoolco.com. We use Web Control, and if something is falsely categorized we can usually whitelist it in the Web Control settings. However, this site is blocked by the PUA blacklist, not Web Control. When we use a different service such as Trend Micro to check the page reputation, it is listed as safe. There is an option to submit the site for assessment as being incorrectly blocked on the ESET alert page that pops up and prevents you from going to the page. We submitted it, but there is no feedback mechanism to know if it was reassessed and confirmed as containing something potentially unwanted, or if the request just fell into a massive backlog never to be looked at. How can we get feedback on whether it was assessed and why it is listed? If it has some ads that go to browser toolbars but is otherwise safe to order from, is there a way to whitelist this site on the locally hosted ESET Security Management Center 7.1 that we are using but keep PUA blocking enabled other than for this site?
