Jump to content
doxiMAN_MAN

JS/Adware.Agent.AA Application

Recommended Posts

I have a site network that I watch tv shows from for almost 2 years, but this morning I tried going to https://watchdoctorwhoonline.com , which is one of the sites that the network owns, and it had always worked in the past with no issues, and I got this problem.

I don't think it's the site's problem, as it never had any issues. Should I turn off eset to use the site or did the site probably get hacked or something similar...?

 

2156c2b415971218f3dde451d4046a54.png

Share this post


Link to post
Share on other sites

The detection is correct and it's not new. The detection is related to aggressive ads which I started getting after opening the website with ESET disabled.

Share this post


Link to post
Share on other sites
3 minutes ago, Marcos said:

The detection is correct and it's not new. The detection is related to aggressive ads which I started getting after opening the website with ESET disabled.

Then if I have Ublock, is it fine to disable eset just when using the site?

Share this post


Link to post
Share on other sites
Posted (edited)
25 minutes ago, doxiMAN_MAN said:

Then if I have Ublock, is it fine to disable eset just when using the site?

UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.

Edited by itman

Share this post


Link to post
Share on other sites
9 minutes ago, itman said:

UblockO is great for ad and like blocking. Just note that it won't prevent you from getting infected by other JavaScript and like malware from sources not detected by UblockO.

But as I said I don't believe the site itself actually has any malware, can the ads alone give me malware?

Share this post


Link to post
Share on other sites
52 minutes ago, doxiMAN_MAN said:

can the ads alone give me malware?

Yes if they were not previously blocked by an ad blocker.

In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence, the use of any ad blocking being N/A since that occurs during the web browser page rendering processing.

If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.

Share this post


Link to post
Share on other sites
Posted (edited)
5 minutes ago, itman said:

Yes if they were not previously blocked by an ad blocker.

In this instance, Eset's SSL/TLS scanning detected the malicious ad prior to the web page being rendered in the browser. Hence, the use of any ad blocking being N/A since that occurs during the web browser page rendering processing.

If you exclude the URL from Eset's Web Access protection by adding it to the Allowed list, you are in essence playing a malware game of "Russian roulette" and hoping that any malicious web page content will be detected by your ad blocking software.

Then can I not use the site anymore? It has never been like that, I've been using this site for over a year. How can I add the site to the allowed list? I've tried adding it to the setup -> internet protection -> web access protection -> URL address management -> edit -> list of allowed addresses -> edit -> and I added the site: "https://watchdoctorwhoonline.com", but it's still blocked, I've restarted the tab, chrome, even the PC but it's still blocked. do I have to disable eset via the "pause protection" feature? 

Edited by doxiMAN_MAN

Share this post


Link to post
Share on other sites

Do the following at your own peril. If you later get infected, do not expect forum help.

1. In the Eset GUI, select Advanced Setup.

2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses; 52.2.15.20 and 54.165.76.66. Save your changes.

At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the prior added IP addresses and do not perform the following steps.

3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.

4. Click on the Add tab.

5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate Certificate name, issuer, and subject fields.

6. Change Scan action selection to Ignore.  Click on OK tab on that and any subsequent displayed screen to save your changes.

Extremely important. Repeat steps 1. and 2. and delete the prior two IP addressed added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.

Share this post


Link to post
Share on other sites
7 minutes ago, itman said:

Do the following at your own peril. If you later get infected, do not expect forum help.

1. In the Eset GUI, select Advanced Setup.

2. Under Web and Email -> Protocol Filtering -> Excluded IP Addresses, add these two IP addresses; 52.2.15.20 and 54.165.76.66. Save your changes.

At this point, you should be able to connect to the web site. Connect to the web site. If you cannot connect to the web site, delete the prior added IP addresses and do not perform the following steps.

3. In the Eset GUI, select Advanced Setup. Under Web and Email -> Protocol Filtering -> SSL/TLS -> List of known certificates, click on Edit.

4. Click on the Add tab.

5. In the Add certificate screen, click on the URL tab. At this point the web site certificate data should populate Certificate name, issuer, and subject fields.

6. Change Scan action selection to Ignore.  Click on OK tab on that and any subsequent displayed screen to save your changes.

Extremely important. Repeat steps 1. and 2. and delete the prior two IP addressed added. Verify again that the IP addresses have been deleted. This must be done since these IP addresses relate to Amazon servers hosting multiple domain names.

(excluding the IP addresses didn't work) On step 5, what URL am I supposed to put in the "URL Address"? I tried the website's address (https://watchdoc....) and clicked ok, but it turned red with the message "Failed to download certificate from given URL".

Share this post


Link to post
Share on other sites

Try watchdoctorwhoonline.com instead.

Share this post


Link to post
Share on other sites

Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.

Share this post


Link to post
Share on other sites
Posted (edited)
14 minutes ago, itman said:

Then it appears you are out of luck. Do not permanently exclude those two IP addresses since it will expose you to malware risks from multiple web sites.

I fixed it by following this tutorial... https://support.eset.com/kb2960/ thanks.

P.S. I tried adding it to the "Allowed" URLs and it didn't work, just now I tried adding it to the excluded from checking list and it worked.

 

Edited by doxiMAN_MAN

Share this post


Link to post
Share on other sites
Posted (edited)

The site is using a Cloudflare; i.e. DNS provider, root cert. with dozens of named urls on it. See no way that Eset will be able to exclude this site.

Edited by itman

Share this post


Link to post
Share on other sites
3 minutes ago, doxiMAN_MAN said:

I fixed it by following this tutorial... https://support.eset.com/kb2960/ thanks.

P.S. I tried adding it to the "Allowed" URLs and it didn't work, just now I tried adding it to the excluded from checking list and it worked.

 

Forgot about that one. It's a new option added in ver. 12.2.23 I beleive.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...