Jump to content

Info on which website caused Eset to take action


beethoven

Recommended Posts

Using ESET PROTECT Cloud (version: 2.3.5.1) - a few times now I have been alerted via the cloud console about Eset terminating a script scanner (see screenshot) . Staff are aware to be careful as to which sites to access, so I am a bit frustrated that this seems to happen for one particular user.  From the alert I can see that it was handled by Eset and that it was a chrome / website use but is there any way to see which webaddress "served" the malware.  If this happened on a legit site that the user needs to access, I would feel better than thinking he he keeps surfing to sites that have nothing to do with work. The Object URI does not tell me much - it might be an add ?

Scriptscanner alert.jpg

Link to comment
Share on other sites

Marcos, thank you but I think you may have misunderstood. I realise that the above caused Eset to take action but I do not think that my colleague went to this website intentionally. According to him he went to a car site and googling adnxs  it seems that Adnxs.com is part of an advertising service that website publishers can use to generate revenue on their sites. Unfortunately, there are malicious programs that are redirecting users to these Adnxs.com ads without the permission of the publisher in order to generate revenue.

I think it would be useful to know which website may have been compromised  or just used this service so that if I see the same alert coming through for the same staff member several times whether this relates to the same site. In that case I would ask him not to access this site from our pc. I don't care if he uses his home pc. 

Link to comment
Share on other sites

  • 3 weeks later...

I would imagine that ESET wouldn't know which page loaded this URL. 

Similar to this, I have these kind of alerts feed into my PSA via an email alert. I can't find any way to include that URL in the email alert. I think it may be a bug.

Link to comment
Share on other sites

  • Administrators

Unfortunately the information is not available. It's not a bug.

There is a chance that this info could be available in the future, however.

Link to comment
Share on other sites

Marcos,

I probably wasn't clear enough! Here is an example alert. I want the URI to be included in the email alert. It's not an option to be included in the alert. This is the info that ESET generates (pic).

Screenshot 2021-08-05 100843.png

Link to comment
Share on other sites

  • Administrators

If you are referring to email notifications sent by Endpoint, I recall there are plans to improve them. You can ask for desired improvements via your local ESET distributor who will then report it further to ESET HQ. The more people request a feature that is reasonable and can be implemented, the higher chance it will be implemented.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...