DaveB-Opt 0 Posted April 20, 2020 Share Posted April 20, 2020 We're getting lots of blocked notifications which are showing as unresolved. 1. Is this normal behaviour? 2. Lots of them are going to one domain name. What can we do to mitigate? See messages below More details Hash A57DF2FDEBBCE21F5E1913B73797DF0B50BFA03E Uniform Resource Identifier (URI) https://hardyload.com Process name C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Event An attempt to connect to URL Rule Blocked by internal blacklist Scanner HTTP filter Target address 172.64.205.27 Link to comment Share on other sites More sharing options...
mxp 0 Posted May 14, 2020 Share Posted May 14, 2020 As you see, the URL that was tried is blocked by ESET's internal blacklist. Without researching the link, i'd say that it will have it's reasons to why it's blocked by ESET. If this is an URL your users need to get access to, you can manually set the policy to allow connections to that specific URL. The event gets logged as "unresolved" as you as the admin haven't checked the problem yet. Basically ESETs way of saying "Hey, we did something for you, maybe you wanna have a look on it real quick?" You should be fine, nothing to worry about here. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted May 14, 2020 Most Valued Members Share Posted May 14, 2020 If you have the ability to block it from your hardware firewall , you can save ESET the struggle. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,257 Posted May 14, 2020 Administrators Share Posted May 14, 2020 A link to the blocked domain is injected in legitimate websites that were compromised. Link to comment Share on other sites More sharing options...
Recommended Posts