Jump to content
New end-of-life policy for business products. Upgrade strongly recommended for older versions. ×
Customer satisfaction survey 2020 ×
macOS 11.0 Big Sur important news - read before upgrade

Web threat detected, but no notification is shown

kapela86

By kapela86,
in ESET Endpoint Products

 Share Followers 2

Recommended Posts

kapela86

kapela86 4

Posted
Posted

I noticed in ERA that one computer has quite a few alerts about "Web threat detected", but when I asked about it coworker that uses this computer, he said that he didn't see any notifications. I did a small test and downloaded eicar test virus and EES displayed notification as it should. I couldn't find out from browser history what webpage was generating that alert. And I couldn't find anything in Configuration to turn on those notifications. Any help will be greatly appreciated.

 

Clipboard02.png

Link to post
Share on other sites
  • Administrators
Marcos

Marcos 3,501

Posted
  • Administrators
Posted

The detection comes from the Network protection module which is a part of the firewall. According to the detection name, the user attempted to access parked domains where the registrant exploits typosquatting, typically for monetization purposes.

Link to post
Share on other sites
  • Administrators
Marcos

Marcos 3,501

Posted
  • Administrators
Posted
11 hours ago, kapela86 said:

So why there is no information about what domain was accessed and why Eset didn't show any notification to user.

Because it was network protection that detected and blocked a specific communication. The remote IP address is indeed logged.

Link to post
Share on other sites
kapela86

kapela86 4

Posted
  • Author
Posted

Remote IP is useless information if I don't know what domain uses it. And eset SHOULD notify user via notification.

As it is right now, user doesn't know that something is blocked!

Eset should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but eset stoped it because it detected AdRedirector"

 

Link to post
Share on other sites
  • Administrators
Marcos

Marcos 3,501

Posted
  • Administrators
Posted

Information about the address may not be always available, especially if it doesn't pertain to http communication. We'll see if this could be improved in the future.

Currently the following alert is displayed to the user upon detection:

image.png

Please collect logs with ELC and provide me with the generated zip file via a personal message. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 2
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...