Jump to content

Blocked by PUA Blacklist


Recommended Posts

Our purchasing department is trying to purchase from https://www.dynamitetoolco.com, we use web control and if something is falsely categorized we can usually whitelist it in the web control settings. However, this site is blocked by PUA Blacklist not web control. When we use a different service such as Trend Micro to check the page reputation, it is listed as safe. There is an option to submit the site for assessment as being incorrectly blocked on the ESET alert page that pops up that prevents you from going to the page. We submitted it, but there is no feedback mechanism to know if it was reassessed and confirmed as containing something potentially unwanted or if the request just fell in a massive backlog never to be looked at. How can we get feedback on whether it was assessed and why it is listed? If it has some ads that go to browser toolbars but is otherwise safe to order from, is there a way to whitelist this site on the locally hosted ESET Security Management Center 7.1 that we are using but keep PUA blocking enabled other than this site?

Link to comment
Share on other sites

  • Administrators

The website in question was compromised and embed.js still contains JS/Spy.Agent.BB trojan. You can notify an administrator or owner of the website.

image.png

Link to comment
Share on other sites

  • 4 weeks later...

Thanks, is that a virustotal.com result? I don't get those matches (although a bit of time has passed... I don't get the same list of engine sources either). How can we get feedback from ESET other than posting on a public forum for community feedback? If the threat is removed, how do you properly submit for reassessment in a way that allows some form of feedback? Is there a way to whitelist a site on the locally hosted ESET Security Management Center 7.1 that we are using, but keep PUA blocking enabled other than the site?

Link to comment
Share on other sites

  • Administrators

The website is still infected. In particular, it's the file hxxps://www.dynamitetoolco.com/pub/static/frontend/Smartwave/porto_child/en_US/embed.js which contains a malicious javascript.

If you suspect that a file is incorrectly detected or a website is incorrectly blocked, you can contact ESET as per https://support.eset.com/en/kb141.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...