Ori0749 0 Posted November 9, 2022
I was able to get to the site animeshow.tv on the previous Windows 11 I had, but today I did a clean install of Windows 11 22H2 and installed the ESET IS product again. But when I tried to open that site, I'm getting blocked by the IS with an alert about a "JS/Adware.Subprop.Y" threat. Even on gogoanime.tel, which I can open, it is blocking some of the video streaming players like Vidstreaming and gogo Server with an HTML/ScrInject.B threat. And on my previous Windows 11 I also didn't get it on those players. So how do I solve it if it is a false alert? Or maybe those are real threats?

Administrators Marcos 5,443 Posted November 9, 2022
The detection is correct. An administrator of the website must remove the JavaScript adware, but I'm afraid it's used on purpose by the owner.

Ori0749 0 Posted November 9, 2022 Author
Then why didn't I get it on my previous Windows 11, which was exactly the same as this one in terms of updates and IS version?

Administrators Marcos 5,443 Posted November 9, 2022
It could be that the Insider preview version of Windows 11 contains an updated version of Edge which might use a different user-agent to which the adware didn't react and didn't inject into web pages.

Ori0749 0 Posted November 9, 2022 Author
I didn't have a preview version of Windows 11. I had the official one.

Administrators Marcos 5,443 Posted November 9, 2022
Doesn't matter. I've checked the source code and it indeed loads JS/Adware.Subprop.

SeriousHoax 87 Posted November 14, 2022
On 11/10/2022 at 2:36 AM, Marcos said:
> Doesn't matter. I've checked the source code and it indeed loads JS/Adware.Subprop.
Do these scripts eventually lead to downloading malware if the user doesn't have a third-party AV or any ad blocker installed?

Administrators Marcos 5,443 Posted November 14, 2022
19 minutes ago, SeriousHoax said:
> Do these scripts eventually lead to downloading malware if the user doesn't have a third-party AV or any ad blocker installed?
I assume they download only ads. These scripts are heavily obfuscated so it's not easy to find out what exactly they do.

SeriousHoax 87 Posted November 14, 2022
10 minutes ago, Marcos said:
> I assume they download only ads. These scripts are heavily obfuscated so it's not easy to find out what exactly they do.
I see. But if they only serve ads, wouldn't it be better to only block the suspicious scripts instead of blocking the whole site? It's an adblocker's job to block ad scripts, and they do it by blocking the ad-related scripts on a webpage without blocking it completely. Without ESET's HTTPS scanning, there is no block from ESET as the ad-related scripts are blocked by the adblocker. Without an adblocker and without HTTPS scanning, ESET lets me visit the site and only blocks the bad third-party connections. With HTTPS scanning and an adblocker installed, ESET completely blocks access to the site.

Most Valued Members Nightowl 206 Posted November 14, 2022
6 minutes ago, SeriousHoax said:
> I see. But if they only serve ads, wouldn't it be better to only block the suspicious scripts instead of blocking the whole site? It's an adblocker's job to block ad scripts, and they do it by blocking the ad-related scripts on a webpage without blocking it completely. Without ESET's HTTPS scanning, there is no block from ESET as the ad-related scripts are blocked by the adblocker. Without an adblocker and without HTTPS scanning, ESET lets me visit the site and only blocks the bad third-party connections. With HTTPS scanning and an adblocker installed, ESET completely blocks access to the site.
I believe it's due to the HTTPS protocol: when you enable scanning, it can catch the script; when you disable HTTPS scanning, it just cannot detect it because it's an encrypted connection, because the website is running on HTTPS. For example, if it's accessible on HTTP, then the access will again get blocked even if HTTPS scanning is off.
Edited November 14, 2022 by Nightowl

Administrators Marcos 5,443 Posted November 14, 2022
We always block the whole page that contains a malicious JavaScript. If an executable infected with a file infector is detected, it is not possible to block just the virus code and let the executable run without cleaning the virus first either.

SeriousHoax 87 Posted November 14, 2022
8 minutes ago, Nightowl said:
> I believe it's due to the HTTPS protocol: when you enable scanning, it can catch the script; when you disable HTTPS scanning, it just cannot detect it because it's an encrypted connection, because the website is running on HTTPS. For example, if it's accessible on HTTP, then the access will again get blocked even if HTTPS scanning is off.
I understand that. But I just think it's too aggressive to block a whole website if the loaded script is related to ads only. It's fine for malicious scripts. Haven't checked recently, but I saw in the past Kaspersky blocking a suspicious ad-related script on a website without fully blocking access to it. Might have seen Bitdefender doing it also on some rare occasions. So, it's possible to do that, but ESET takes a different approach. I prefer Kaspersky's approach, but it is what it is. They have their reasons. Anyway, my default browser is set in the Ignore list of HTTPS scanning mainly because of browsing speed impact (it's fast, but it's slow enough that I notice it on 8/10 websites), so it's not an issue for me. My DNS-based protection and adblocker are enough for me to avoid HTTPS scanning on the browser.

Administrators Marcos 5,443 Posted November 14, 2022
If a malicious script is loaded from another URL, only the JS is blocked and the website loads normally. However, if it's injected in a legitimate web page, only the whole page can be blocked.

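A simplified model of the distinction in the post above, added here as an example; it is not part of the original thread and not ESET's implementation. It assumes a filter whose smallest blockable unit is one HTTP response, and the marker string, hosts and sample pages are constructed.

```python
from html.parser import HTMLParser

# Constructed stand-in for a detection; real engines do not match one plain string.
MARKER = "EXAMPLE_ADWARE_MARKER"

class ScriptCollector(HTMLParser):
    """Split one HTML response into external script URLs and inline script text."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)   # fetched as its own HTTP response
            else:
                self._in_inline = True      # body is part of the page response
                self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def filter_decision(page_url, responses):
    """Map each fetched URL to 'block' or 'allow'; a whole response is the smallest unit."""
    collector = ScriptCollector()
    collector.feed(responses[page_url])
    # A hit in inline script sits inside the page body, so the page itself is blocked.
    page_hit = any(MARKER in body for body in collector.inline)
    decision = {page_url: "block" if page_hit else "allow"}
    for src in collector.external:
        decision[src] = "block" if MARKER in responses.get(src, "") else "allow"
    return decision

# Constructed sample responses (hypothetical hosts).
PAGE, AD_JS = "https://site.example/", "https://ads.example/a.js"
EXTERNAL_CASE = {
    PAGE: '<html><body><script src="https://ads.example/a.js"></script><p>video</p></body></html>',
    AD_JS: "var x = 'EXAMPLE_ADWARE_MARKER';",
}
INLINE_CASE = {
    PAGE: "<html><body><script>var x = 'EXAMPLE_ADWARE_MARKER';</script><p>video</p></body></html>",
}
```

Calling `filter_decision(PAGE, EXTERNAL_CASE)` allows the page and blocks only the script URL, while `filter_decision(PAGE, INLINE_CASE)` blocks the page itself because the flagged code has no separate response to drop.
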
SeriousHoax 87 Posted November 14, 2022
2 minutes ago, Marcos said:
> If a malicious script is loaded from another URL, only the JS is blocked and the website loads normally. However, if it's injected in a legitimate web page, only the whole page can be blocked.
I see, interesting. That's good to know.