Mr.Wong

False positives detection on website video players?

hxxps://animedao.com/

Click on one of the anime series, and I get two false positive detections for video players implemented on the site.

[Image: Screenshot_2.jpg]

[Image: Screenshot_3.jpg]

 

Did you try using an adblocker?

Actually, it's not detecting the video player as malicious but rather a malicious JavaScript that the site is loading. My Firefox has uMatrix installed, which blocks third-party scripts from loading, so I don't see this warning from Eset and the video plays fine. But in Microsoft Edge I only have an adblocker and not uMatrix, and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather an unsafe JavaScript.

1 hour ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious JavaScript that the site is loading. My Firefox has uMatrix installed, which blocks third-party scripts from loading, so I don't see this warning from Eset and the video plays fine. But in Microsoft Edge I only have an adblocker and not uMatrix, and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather an unsafe JavaScript.

With the uMatrix statement that you made, it means that when uMatrix is blocking JS, ESET detects nothing because there is no JS being loaded, while when you go to Edge and have JS loaded, ESET blocks the JS script from loading.

I believe that the website may have malicious code.

3 hours ago, Rami said:

With the uMatrix statement that you made, it means that when uMatrix is blocking JS, ESET detects nothing because there is no JS being loaded, while when you go to Edge and have JS loaded, ESET blocks the JS script from loading.

I believe that the website may have malicious code.

Yes, that's right.

4 minutes ago, SeriousHoax said:

Yes, that's right.

These websites tend to have a lot of advertising, and their ads might contain some kind of JS loads. Even if the website is safe, it might be malicious ad servers, or it might be that the website is hijacked.

Keep your uMatrix, it's good ;)

8 minutes ago, Rami said:

These websites tend to have a lot of advertising, and their ads might contain some kind of JS loads. Even if the website is safe, it might be malicious ad servers, or it might be that the website is hijacked.

Keep your uMatrix, it's good ;)

Yes, it seems a lot of threats spread through JS nowadays. So, something like uMatrix/NoScript/uBlock Origin in medium mode is another added layer of protection. So for me, uBlock Origin with a good amount of filters, uMatrix and there's also Eset of course 😎

14 hours ago, Rami said:

Did you try using an adblocker?

 

11 hours ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious JavaScript that the site is loading. My Firefox has uMatrix installed, which blocks third-party scripts from loading, so I don't see this warning from Eset and the video plays fine. But in Microsoft Edge I only have an adblocker and not uMatrix, and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather an unsafe JavaScript.

I have uBlock Origin in medium mode with the latest filter updates, but ESET still detects them.

37 minutes ago, Mr.Wong said:

I have uBlock Origin in medium mode with the latest filter updates, but ESET still detects them.

uBlock won't detect this stuff unless you enable JavaScript blocking. This in turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

On 6/30/2019 at 6:54 PM, itman said:

uBlock won't detect this stuff unless you enable JavaScript blocking. This in turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

Should I enable these two video players on the site or no? 

38 minutes ago, Mr.Wong said:

Should I enable these two video players on the site or no? 

No. At this point, it is not known if Eset's alerts are legitimate or not.

Open Eset GUI. Select Tools. Then refer to the below screen shot to report what you believe is a false positive detection for the web site:

[Image: Eset_FP.png]

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be the same.

On 7/2/2019 at 2:24 PM, Marcos said:

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be the same.

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

9 minutes ago, Mr.Wong said:

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

It's correct too. Both detections seem to be related to aggressive ads.

On 6/30/2019 at 11:54 PM, itman said:

uBlock won't detect this stuff unless you enable JavaScript blocking. This in turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

 

On 7/2/2019 at 6:09 PM, Mr.Wong said:

Should I enable these two video players on the site or no? 

I don't use uBlock so I'm not sure how it works, but can you disable JavaScript for specific sites only, e.g. for this video site? That way it wouldn't be trying to load it, as an extra precaution. Or could this possibly disable the player?
