Multiple Notifications of exact same type

[Hpoonis 7]

HI all,

Network protection blocks a particular site. It blocks subsequent attempts to same site. Is there a way to prevent repeated messages for the same site?  It is a chore to see 5 or more popups for the same site.

 

Thanks

[Marcos 5,070]

No, it's not possible. An alert is displayed each time that access to a blocked site was attempted by an application.

[Hpoonis 7]

It would be a nice feature to have.  The constant popups for blocked site, and even more for firewall rules are just an annoying overload.

[Marcos 5,070]

Do you mean to silently block malware as well as access to malicious websites for a while and only the attempts ? It might not help anyways in cases when something was continually attempting to access malicious files or websites, e.g. a malicious browser add-on.

[Hpoonis 7]

Ah...but if multiple, similar notifications are required then faith in the product is lacking.  If confidence runs high for the NOD engine then what need for constant reminders?

At the very least, an option - for the confident user - to run silent after one of a particular URL has been displayed would be nice.

[itman 1,659]

4 hours ago, Hpoonis said:

Network protection blocks a particular site. It blocks subsequent attempts to same site. Is there a way to prevent repeated messages for the same site?  It is a chore to see 5 or more popups for the same site.

I suggest adding the web site URL as *.badsite.com/* where badsite.com is the offending domain name to Eset's Web Access Protection "List of blocked addresses." Then research why your browser keeps redirecting you to this web site.

[Hpoonis 7]

I know exactly why this site has attempts on it. That is not the issue, is it? I know it is blocked and therefore would appreciate NOT being reminded of it on every occasion.  The ability to limit notifications would be great.

[Marcos 5,070]

Please provide instructions how to reproduce it and ideally a demonstration video too.

[Hpoonis 7]

Thanks but irrelevant. As I previously wrote, I KNOW what these site blocks are for. This entire post was about having the ability to limit repetitive notifications.

Edited January 13, 2020 by Hpoonis

[itman 1,659]

2 hours ago, Hpoonis said:

I know exactly why this site has attempts on it. That is not the issue, is it? I know it is blocked and therefore would appreciate NOT being reminded of it on every occasion.  The ability to limit notifications would be great.

The only way to do this is by methods employed by browser extension ad blockers and the like. They do so silently w/o alert by predefined block list capability prior to the web page being displayed as I previously suggested .

Eset and other like AV products have no way of determining if this is the first attempted access to the site or subsequent access.

What Eset could provide is the ability similar to that provided in its PUA alerts. That is to allow the user to add the web site to its existing Eset block list or a user created block list via global specification; e.g. *.badsite.com/* , This could be automated somewhat by showing the block option as "hide future web site alerts and silently block" or something on this order.

 

Edited January 13, 2020 by itman

[Hpoonis 7]

Logic 101:

Is this site in the blocked list; TRUE/FALSE

If FALSE add to list; show notify

Set block TRUE

 

Edited January 14, 2020 by Hpoonis

[Marcos 5,070]

The above has a missing condition for aggregation of same alerts generated in the last 1-2 seconds. If the same alert was to be generated a while later, it would have to be displayed. Without that the user would not know that the machine is infected and the AV is blocking something silently in the background.

[Hpoonis 7]

Now you are mixing site blocking with actual infections.  Once again, the abillity to limit notifictions would be a nice feature, regardless of whether the user is an idiot, or someone that has half an idea they know what they are doing.

 

Thanks anyway.  I'll have done with it. This conversation is becoming circular.

[Marcos 5,070]

Site blocking is often interconnected with malware being active on a machine. E.g. if there's an undetected downloader running on a machine that continually attempts to download payload from a url that is blocked by Web access protection, alerts about blocked urls give the user an indication that something bad is going on there which should be looked at.

[local 0]

12 minutes ago, Marcos said:

E.g. if there's an undetected downloader running on a machine

Just out of curiosity, from a logical point of view.

If ESET blocks the site , that means ESET is aware about the downloader , so why ESET wouldn't detect the malicious downloader?

[Marcos 5,070]

If a process accesses a blocked website it doesn't automatically mean that
- the url / host is 100% malicious
- the process is 100% malicious.

While we are aware of the majority of urls with malware, it can be even an innocuous application (e.g. browser) that accessed it.