TheESETuserTHATis 0 Posted November 11, 2020 Share Posted November 11, 2020 Our purchasing department is trying to purchase from https://www.dynamitetoolco.com, we use web control and if something is falsely categorized we can usually whitelist it in the web control settings. However, this site is blocked by PUA Blacklist not web control. When we use a different service such as Trend Micro to check the page reputation, it is listed as safe. There is an option to submit the site for assessment as being incorrectly blocked on the ESET alert page that pops up that prevents you from going to the page. We submitted it, but there is no feedback mechanism to know if it was reassessed and confirmed as containing something potentially unwanted or if the request just fell in a massive backlog never to be looked at. How can we get feedback on whether it was assessed and why it is listed? If it has some ads that go to browser toolbars but is otherwise safe to order from, is there a way to whitelist this site on the locally hosted ESET Security Management Center 7.1 that we are using but keep PUA blocking enabled other than this site? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 11, 2020 Administrators Share Posted November 11, 2020 The website in question was compromised and embed.js still contains JS/Spy.Agent.BB trojan. You can notify an administrator or owner of the website. Link to comment Share on other sites More sharing options...
TheESETuserTHATis 0 Posted December 7, 2020 Author Share Posted December 7, 2020 Thanks, is that a virustotal.com result? I don't get those matches (although a bit of time has passed... I don't get the same list of engine sources either). How can we get feedback from ESET other than posting on a public forum for community feedback? If the threat is removed, how do you properly submit for reassessment in a way that allows some form of feedback? Is there a way to whitelist a site on the locally hosted ESET Security Management Center 7.1 that we are using, but keep PUA blocking enabled other than the site? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 7, 2020 Administrators Share Posted December 7, 2020 The website is still infected. In particular, it's the file hxxps://www.dynamitetoolco.com/pub/static/frontend/Smartwave/porto_child/en_US/embed.js which contains a malicious javascript. If you suspect that a file is incorrectly detected or a website is incorrectly blocked, you can contact ESET as per https://support.eset.com/en/kb141. Link to comment Share on other sites More sharing options...
Recommended Posts