Jump to content

Recommended Posts

We're getting lots of blocked notifications which are showing as unresolved. 

1. Is this normal behaviour?

2. Lots of them are going to one domain name. What can we do to mitigate? 

See messages below

image.thumb.png.5ef3be8fa4c8b219e0eb242e38f7a17a.png

 

More details
Hash
A57DF2FDEBBCE21F5E1913B73797DF0B50BFA03E
Uniform Resource Identifier (URI)
https://hardyload.com
Process name
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Event
An attempt to connect to URL
Rule
Blocked by internal blacklist
Scanner
HTTP filter
Target address
172.64.205.27
Link to post
Share on other sites
  • 4 weeks later...

As you see, the URL that was tried is blocked by ESET's internal blacklist. Without researching the link, i'd say that it will have it's reasons to why it's blocked by ESET.

If this is an URL your users need to get access to, you can manually set the policy to allow connections to that specific URL.

The event gets logged as "unresolved" as you as the admin haven't checked the problem yet. Basically ESETs way of saying "Hey, we did something for you, maybe you wanna have a look on it real quick?"


You should be fine, nothing to worry about here.

Link to post
Share on other sites
  • Most Valued Members

image.thumb.png.06f4d50ea28839ecacdf10d770e816f7.png

 

If you have the ability to block it from your hardware firewall , you can save ESET the struggle.

Link to post
Share on other sites
  • Administrators

A link to the blocked domain is injected in legitimate websites that were compromised.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...