Jump to content
Information for users with OS without SHA-256 support ×

Web threat detected, but no notification is shown

kapela86

By kapela86,
in ESET Endpoint Products

 Share

Recommended Posts

kapela86

kapela86 9

Posted
Posted

I noticed in ERA that one computer has quite a few alerts about "Web threat detected", but when I asked about it coworker that uses this computer, he said that he didn't see any notifications. I did a small test and downloaded eicar test virus and EES displayed notification as it should. I couldn't find out from browser history what webpage was generating that alert. And I couldn't find anything in Configuration to turn on those notifications. Any help will be greatly appreciated.

 

Clipboard02.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,187

Posted
  • Administrators
Posted

The detection comes from the Network protection module which is a part of the firewall. According to the detection name, the user attempted to access parked domains where the registrant exploits typosquatting, typically for monetization purposes.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,187

Posted
  • Administrators
Posted
11 hours ago, kapela86 said:

So why there is no information about what domain was accessed and why Eset didn't show any notification to user.

Because it was network protection that detected and blocked a specific communication. The remote IP address is indeed logged.

Link to comment
Share on other sites
kapela86

kapela86 9

Posted
  • Author
Posted

Remote IP is useless information if I don't know what domain uses it. And eset SHOULD notify user via notification.

As it is right now, user doesn't know that something is blocked!

Eset should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but eset stoped it because it detected AdRedirector"

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,187

Posted
  • Administrators
Posted

Information about the address may not be always available, especially if it doesn't pertain to http communication. We'll see if this could be improved in the future.

Currently the following alert is displayed to the user upon detection:

image.png

Please collect logs with ELC and provide me with the generated zip file via a personal message. If too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...