Jump to content

Web threat detected, but no notification is shown


Recommended Posts

I noticed in ERA that one computer has quite a few alerts about "Web threat detected", but when I asked about it coworker that uses this computer, he said that he didn't see any notifications. I did a small test and downloaded eicar test virus and EES displayed notification as it should. I couldn't find out from browser history what webpage was generating that alert. And I couldn't find anything in Configuration to turn on those notifications. Any help will be greatly appreciated.

 

Clipboard02.png

Link to post
Share on other sites
  • Administrators

The detection comes from the Network protection module which is a part of the firewall. According to the detection name, the user attempted to access parked domains where the registrant exploits typosquatting, typically for monetization purposes.

Link to post
Share on other sites
  • Administrators
11 hours ago, kapela86 said:

So why there is no information about what domain was accessed and why Eset didn't show any notification to user.

Because it was network protection that detected and blocked a specific communication. The remote IP address is indeed logged.

Link to post
Share on other sites

Remote IP is useless information if I don't know what domain uses it. And eset SHOULD notify user via notification.

As it is right now, user doesn't know that something is blocked!

Eset should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but eset stoped it because it detected AdRedirector"

 

Link to post
Share on other sites
  • Administrators

Information about the address may not be always available, especially if it doesn't pertain to http communication. We'll see if this could be improved in the future.

Currently the following alert is displayed to the user upon detection:

image.png

Please collect logs with ELC and provide me with the generated zip file via a personal message. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...