Hpoonis 7 Posted January 10, 2020 Posted January 10, 2020 HI all, Network protection blocks a particular site. It blocks subsequent attempts to same site. Is there a way to prevent repeated messages for the same site? It is a chore to see 5 or more popups for the same site. Thanks
Administrators Marcos 5,453 Posted January 10, 2020 Administrators Posted January 10, 2020 No, it's not possible. An alert is displayed each time that access to a blocked site was attempted by an application.
Hpoonis 7 Posted January 10, 2020 Author Posted January 10, 2020 It would be a nice feature to have. The constant popups for blocked site, and even more for firewall rules are just an annoying overload.
Administrators Marcos 5,453 Posted January 10, 2020 Administrators Posted January 10, 2020 Do you mean to silently block malware as well as access to malicious websites for a while and only the attempts ? It might not help anyways in cases when something was continually attempting to access malicious files or websites, e.g. a malicious browser add-on.
Hpoonis 7 Posted January 10, 2020 Author Posted January 10, 2020 Ah...but if multiple, similar notifications are required then faith in the product is lacking. If confidence runs high for the NOD engine then what need for constant reminders? At the very least, an option - for the confident user - to run silent after one of a particular URL has been displayed would be nice.
itman 1,801 Posted January 10, 2020 Posted January 10, 2020 4 hours ago, Hpoonis said: Network protection blocks a particular site. It blocks subsequent attempts to same site. Is there a way to prevent repeated messages for the same site? It is a chore to see 5 or more popups for the same site. I suggest adding the web site URL as *.badsite.com/* where badsite.com is the offending domain name to Eset's Web Access Protection "List of blocked addresses." Then research why your browser keeps redirecting you to this web site.
Hpoonis 7 Posted January 13, 2020 Author Posted January 13, 2020 I know exactly why this site has attempts on it. That is not the issue, is it? I know it is blocked and therefore would appreciate NOT being reminded of it on every occasion. The ability to limit notifications would be great.
Administrators Marcos 5,453 Posted January 13, 2020 Administrators Posted January 13, 2020 Please provide instructions how to reproduce it and ideally a demonstration video too.
Hpoonis 7 Posted January 13, 2020 Author Posted January 13, 2020 (edited) Thanks but irrelevant. As I previously wrote, I KNOW what these site blocks are for. This entire post was about having the ability to limit repetitive notifications. Edited January 13, 2020 by Hpoonis
itman 1,801 Posted January 13, 2020 Posted January 13, 2020 (edited) 2 hours ago, Hpoonis said: I know exactly why this site has attempts on it. That is not the issue, is it? I know it is blocked and therefore would appreciate NOT being reminded of it on every occasion. The ability to limit notifications would be great. The only way to do this is by methods employed by browser extension ad blockers and the like. They do so silently w/o alert by predefined block list capability prior to the web page being displayed as I previously suggested . Eset and other like AV products have no way of determining if this is the first attempted access to the site or subsequent access. What Eset could provide is the ability similar to that provided in its PUA alerts. That is to allow the user to add the web site to its existing Eset block list or a user created block list via global specification; e.g. *.badsite.com/* , This could be automated somewhat by showing the block option as "hide future web site alerts and silently block" or something on this order. Edited January 13, 2020 by itman
Hpoonis 7 Posted January 14, 2020 Author Posted January 14, 2020 (edited) Logic 101: Is this site in the blocked list; TRUE/FALSE If FALSE add to list; show notify Set block TRUE Edited January 14, 2020 by Hpoonis
Administrators Marcos 5,453 Posted January 14, 2020 Administrators Posted January 14, 2020 The above has a missing condition for aggregation of same alerts generated in the last 1-2 seconds. If the same alert was to be generated a while later, it would have to be displayed. Without that the user would not know that the machine is infected and the AV is blocking something silently in the background.
Hpoonis 7 Posted January 14, 2020 Author Posted January 14, 2020 Now you are mixing site blocking with actual infections. Once again, the abillity to limit notifictions would be a nice feature, regardless of whether the user is an idiot, or someone that has half an idea they know what they are doing. Thanks anyway. I'll have done with it. This conversation is becoming circular.
Administrators Marcos 5,453 Posted January 14, 2020 Administrators Posted January 14, 2020 Site blocking is often interconnected with malware being active on a machine. E.g. if there's an undetected downloader running on a machine that continually attempts to download payload from a url that is blocked by Web access protection, alerts about blocked urls give the user an indication that something bad is going on there which should be looked at. itman 1
local 0 Posted January 14, 2020 Posted January 14, 2020 12 minutes ago, Marcos said: E.g. if there's an undetected downloader running on a machine Just out of curiosity, from a logical point of view. If ESET blocks the site , that means ESET is aware about the downloader , so why ESET wouldn't detect the malicious downloader?
Administrators Marcos 5,453 Posted January 14, 2020 Administrators Posted January 14, 2020 If a process accesses a blocked website it doesn't automatically mean that - the url / host is 100% malicious - the process is 100% malicious. While we are aware of the majority of urls with malware, it can be even an innocuous application (e.g. browser) that accessed it.
Recommended Posts