kapela86 11 Posted January 19, 2018
I noticed in ERA that one computer has quite a few alerts about "Web threat detected", but when I asked the coworker who uses this computer about it, he said that he didn't see any notifications. I did a small test and downloaded the EICAR test virus, and EES displayed a notification as it should. I couldn't find out from the browser history what webpage was generating that alert. And I couldn't find anything in Configuration to turn on those notifications. Any help will be greatly appreciated.
Administrators Marcos 5,727 Posted January 19, 2018
The detection comes from the Network protection module which is a part of the firewall. According to the detection name, the user attempted to access parked domains where the registrant exploits typosquatting, typically for monetization purposes.
kapela86 11 Author Posted January 19, 2018
So why is there no information about what domain was accessed, and why didn't ESET show any notification to the user?
Administrators Marcos 5,727 Posted January 20, 2018
11 hours ago, kapela86 said: "So why is there no information about what domain was accessed, and why didn't ESET show any notification to the user?"
Because it was network protection that detected and blocked a specific communication. The remote IP address is indeed logged.
kapela86 11 Author Posted January 20, 2018
Remote IP is useless information if I don't know what domain uses it. And ESET SHOULD notify the user via a notification. As it is right now, the user doesn't know that something is blocked! ESET should show a notification, preferably something like: "firefox.exe tried to access www.somemalitiouswebpage.com but ESET stopped it because it detected AdRedirector"
Administrators Marcos 5,727 Posted January 22, 2018
Information about the address may not always be available, especially if it doesn't pertain to HTTP communication. We'll see if this could be improved in the future. Currently the following alert is displayed to the user upon detection:
Please collect logs with ELC and provide me with the generated zip file via a personal message. If it is too big to attach, upload it to a safe location (e.g. Dropbox, OneDrive, etc.) and provide a download link.