Jump to content

False positives detection on website video players?


Recommended Posts

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

Link to post
Share on other sites
  • Most Valued Members
1 hour ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

With the uMatrix statement that you have said , means that when uMatrix is blocking JS then ESET detects nothing because there are no JS being loaded , while you go to Edge and have JS loaded , then ESET blocks JS script from loading.

I believe that the website may have malicious codes.

Link to post
Share on other sites
3 hours ago, Rami said:

With the uMatrix statement that you have said , means that when uMatrix is blocking JS then ESET detects nothing because there are no JS being loaded , while you go to Edge and have JS loaded , then ESET blocks JS script from loading.

I believe that the website may have malicious codes.

Yes, that's right.

Link to post
Share on other sites
  • Most Valued Members
4 minutes ago, SeriousHoax said:

Yes, that's right.

These websites tend to have lot of advertising , while their ads might contain some kind of JS loads , even if the website is safe , it might be malicious ads' servers , or might be the website is hijacked.

Keep your uMatrix , it's good ;)

Link to post
Share on other sites
8 minutes ago, Rami said:

These websites tend to have lot of advertising , while their ads might contain some kind of JS loads , even if the website is safe , it might be malicious ads' servers , or might be the website is hijacked.

Keep your uMatrix , it's good ;)

Yes, it seems a lot of threats spread through JS nowadays. So, something like uMatrix/Nocript/uBlock Origin in medium mode is another added layer of protection. So for me, uBlock Origin with a good amount of filters, uMatrix and there's also Eset of course 😎

Link to post
Share on other sites
14 hours ago, Rami said:

Did you try using an adblocker?

 

11 hours ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

I have Ublock Origin in medium mode and latest filters update, but ESET still detect them.

Link to post
Share on other sites
37 minutes ago, Mr.Wong said:

I have Ublock Origin in medium mode and latest filters update, but ESET still detect them.

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

Link to post
Share on other sites
On 6/30/2019 at 6:54 PM, itman said:

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

Should I enable these two video players on the site or no? 

Link to post
Share on other sites
38 minutes ago, Mr.Wong said:

Should I enable these two video players on the site or no? 

No. At this point, it is not known if the Eset's alerts are legitimate or not.

Open Eset GUI. Select Tools. Then refer to the below screen shot to report what you beleive is a false positive detection for the web site:

Eset_FP.thumb.png.88b2fc2a136a23f2d33a3fd5000908c7.png

Link to post
Share on other sites
  • Administrators

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be same.

Link to post
Share on other sites
On 7/2/2019 at 2:24 PM, Marcos said:

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be same.

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

Link to post
Share on other sites
  • Administrators
9 minutes ago, Mr.Wong said:

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

It's correct too. Both detections seem to be related to aggressive ads.

Link to post
Share on other sites
  • Most Valued Members
On 6/30/2019 at 11:54 PM, itman said:

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

 

On 7/2/2019 at 6:09 PM, Mr.Wong said:

Should I enable these two video players on the site or no? 

I dont use ublock so not sure how it works but can you disable javascript for specfic sites only e.g. for this video site that way it wouldnt be trying to load it as an extra precaution or could this possibly disable the player?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...