itman

The URL is clean as far as Virus Total detection goes: https://www.virustotal.com/gui/url/a448e4b42312dfb52871d9eeb09b001d3e02f3cb9ad9c75b434ccd39197d9988/detection This doesn't imply that whatever Eset scanned from your local Chrome installation is clean.

If you want to check Eset security functionality, I recommend this web site: https://www.amtso.org/security-features-check/ . The two file download tests are indeed the eicar test file. Ditto for the archive tests which imbed the eicar test file in those.

Ahh ......... Gotcha. I have to be careful with that trailing /* specification.

The extra character issue withstanding, there is something weird going on with this web site. Prior to the latest FireFox release correcting the problem, I was logging activity on the web via Web Access allowed URL list feature. Normally I see one entry in the Web Access Event log per attempted URL access. Such is not the case with this web site. Below are the log entries created till I manually disconnected from the web site. It appears each object on this web site is set up as a separate URL entry as best as I can explain it: Time;URL;Status;Application;User;IP address;SHA1 4/7/2020 1:39:33 PM;https://web-board.budgetbakers.com;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:33 PM;https://web-board.budgetbakers.com/board-4ef326c940f272415377.css;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/2.board-50eb0af0bb3895019f61.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/14.board-096f312803bc04993286.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/board-d9ddbec8016d52c7c461.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/environment.cfg;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/assets/apple-touch-icon-1024x1024.png;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:34 PM;https://web-board.budgetbakers.com/assets/favicon-32x32.png;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/7.board-a30149ad6f1fa52fc5b9.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/6.board-5991e97616a5fcf95475.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/3.board-669dedc0633412a24830.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/15.board-855c22dd6a9608507526.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/0.board-5e985e9eeb415d783dcb.css;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/0.board-6c40f5363ffa9c095bbd.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/1.board-c912d467d84224f020ab.css;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/1.board-32ed7232b4112294c17e.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/16.board-ad367b65ed0f61790092.css;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 1:39:35 PM;https://web-board.budgetbakers.com/16.board-9b39aa77b24b411f74c3.js;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;13.107.246.10;A846AB501566E41A396241BA20FF777D4AFAFA11

80% of all exposed Exchange servers still unpatched for critical flaw https://www.bleepingcomputer.com/news/security/80-percent-of-all-exposed-exchange-servers-still-unpatched-for-critical-flaw/

Also a FYI here. My version of FireFox just recently updated to ver. 75 which confirms my suspicion that the issue was originally FireFox related. Most likely: So if any FireFox users of Eset still have issues with your web site, tell them to upgrade FireFox.

Looks like the problem has been fixed in FireFox:

The problem is with FireFox. I can access https://web-board.budgetbakers.com/login in Edge w/o issue per the below screen shot with Eset Web Access options fully enabled.

However if I try to access the login page directly, the below screenshot shows a certificate issue. Something doesn't look right to me here:

All I can say is you appear to be the first one to every get an Eset deep behavior detection. I for one have never seen anything showing a BH/........... detection.

Submit it to VT and see if anyone detects it as cracked.

I disabled SSL/TLS protocol scanning and that is not the issue. Whatever this issue is with Eset's Web Access processing, it appears to be unique to this web site. If it was otherwise, the forum would be full of like postings.

The Eset detection says it all. Eset is detecting is as cracked software. Looks like they are finally cracking down, pun intended, on that malware delivery method.

Interesting. I tried to add the URL as an Eset allowed address to Web Access scanning and it still hung up on access. Event log entries below: Time;URL;Status;Application;User;IP address;SHA1 4/7/2020 11:45:36 AM;https://web-board.budgetbakers.com;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;2620:1ec:bdf::10;A846AB501566E41A396241BA20FF777D4AFAFA11 4/7/2020 11:45:38 AM;https://web-board.budgetbakers.com/environment.cfg;Allowed;C:\Program Files\Mozilla Firefox\firefox.exe;XXX\XXX;2620:1ec:bdf::10;A846AB501566E41A396241BA20FF777D4AFAFA11 Appears when Eset got to the environment.cfg area is where it hung. Also what the issue is lies in Eset SSL/TLS protocol scanning perhaps.

OK, that worked with Eset Web Access protection disabled: