How to remove "allowed script" from website, that I accidentally allowed

[uplink 1]

Greetigns

Any clue where I can find an allowed website [it contains JS Miner]?

I accidentally allowed it, and I can't find the exclusion nowhere

This is the one, I want to block again [please see attached file].

Thank You!

Kind regards

uplink

Edited December 11, 2017 by uplink

[Marcos 5,074]

If you the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

[uplink 1]

10 hours ago, Marcos said:

If you the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

Greetings Marcos,

Thank You for Your fast reply! I did press "exclude" by mistake. The one in the pop-up. Now I'm unable to find the exclusion I created anywhere in the settings. I even reset the whole Eset, reinstalled Eset [with Revo uninstaller] and did other things :/

On my server [running volume lic. of EES] it didn't even ask about the miner, it simply blocks it and ignores it silently [running Win 2k16 server].

On my desktop, whenever I enter the webpage, all 16 cores hit 100% and I need to turn off the tab immediately. Both because of immense heat it produces [the miner is more cruel than Intel Torture Test, one has yet to see such a marvel] and since they're all running 4.6 GHz, I'm hitting 100°C roof very soon. It's kind of dangerous this little miner.

Any clue where it's included, in what settings? I went through all exclusions, I even excluded the website + url of the script itself, and it's still being ignored by EIS.

Please advise

With kind regards

uplink

[Marcos 5,074]

If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

[uplink 1]

2 hours ago, Marcos said:

If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

Hmm, so this is bad?

[galaxy 11]

everything worked ???

[uplink 1]

12 hours ago, galaxy said:

everything worked ???

Erm, no, nothing worked. I don't have any record of the page being blocked, or the script, or nothing, nowhere within the EiS.

[itman 1,659]

In Eset's GUI Internet Protection ->  Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and the click on the "Remove" button.

[uplink 1]

9 minutes ago, itman said:

In Eset's GUI Internet Protection ->  Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and the click on the "Remove" button.

Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manually

[itman 1,659]

3 minutes ago, uplink said:

Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manu

For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

[uplink 1]

6 minutes ago, itman said:

For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

[itman 1,659]

1 hour ago, uplink said:

Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

I must ask this. Why are you going to a web site that you know does coin mining?

[galaxy 11]

I ask myself too

[uplink 1]

21 hours ago, itman said:

I must ask this. Why are you going to a web site that you know does coin mining?

Because it's a functional website I visit for around 5 years, it just acquired coin miner. And it was removed as I wrote it to the admin of the website.

[peteyt 393]

23 hours ago, itman said:

I must ask this. Why are you going to a web site that you know does coin mining?

Didn't a news site or something get hacked and A coin miner places on it. So there's risks on popular well known sites.

[itman 1,659]

58 minutes ago, peteyt said:

Didn't a news site or something get hacked and A coin miner places on it. So there's risks on popular well known sites.

Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

[peteyt 393]

11 hours ago, itman said:

Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

Yeah I think the user actually ignored it accidently. I actually think the theory behind coin minining used in this was could have some small mertit. People hate adverts but small sites need revenue to survive and this could be the right balance but they tend to use far too much of a computers power and in turn can become dangerous e.g. lead to overheating. Also most sites don't seem to even tell users they are using coin mining

[itman 1,659]

The problem is hackers are modifying web sites to place malicious coin miners on them. They modify the code to redirect to malicious web sites under their control.

Note that there are two types of coin miners; those that attempt to modify browser memory and those resident on the web server servicing the web site. Eset's PUA protection blocks the former type. The only way you can block the later type is by using an ad blocker with good coin miner protection or create your own coin miner URL block list using Eset's Web Filtering. 

Edited December 15, 2017 by itman