I'm using Internet Security and I'm getting blocked on some sites


I was able to get to the site animeshow.tv in the previous Windows 11 I had, but today I did a clean install of Windows 11 22H2 and installed the ESET IS product again. But when I tried to open that site, I'm getting blocked by the IS with an alert about the "JS/Adware.Subprop.Y" threat.

Even on gogoanime.tel, which I can open, it is blocking some of the video streaming players like Vidstreaming and gogo Server with the HTML/ScrInject.B threat, and in my previous Windows 11 I also didn't get it on those players.....

So how do I solve it if it is a false alert? Or maybe those are real threats?

 


  • Administrators

The detection is correct. An administrator of the website must remove the JavaScript adware, but I'm afraid it's used on purpose by the owner.


Then why didn't I get it on my previous Windows 11, which was exactly the same as this in terms of updates and IS version?


  • Administrators

It could be that the Insider preview version of Windows 11 contains an updated version of Edge which might use a different user-agent to which the adware didn't react and didn't inject into web pages.


On 11/10/2022 at 2:36 AM, Marcos said:

Doesn't matter. I've checked the source code and it indeed loads JS/Adware.Subprop.

Do these scripts eventually lead to downloading malware if the user doesn't have a third-party AV or any ad blocker installed? 


  • Administrators
19 minutes ago, SeriousHoax said:

Do these scripts eventually lead to downloading malware if the user doesn't have a third-party AV or any ad blocker installed? 

I assume they download only ads. These scripts are heavily obfuscated so it's not easy to find out what exactly they do.


10 minutes ago, Marcos said:

I assume they download only ads. These scripts are heavily obfuscated so it's not easy to find out what exactly they do.

I see. But if they only serve ads, wouldn't it be better to only block the suspicious scripts instead of blocking the whole site? It's an adblocker's job to block ad scripts, and they do it by blocking the ad-related scripts on a webpage without blocking it completely. Without ESET's HTTPS scanning, there is no block from ESET, as the ad-related scripts are blocked by the adblocker. Without adblocker + without HTTPS scanning, ESET lets me visit the site and only blocks the bad third-party connections. With HTTPS scanning + adblocker installed, ESET completely blocks access to the site.


  • Most Valued Members
6 minutes ago, SeriousHoax said:

I see. But if they only serve ads, wouldn't it be better to only block the suspicious scripts instead of blocking the whole site? It's an adblocker's job to block ad scripts, and they do it by blocking the ad-related scripts on a webpage without blocking it completely. Without ESET's HTTPS scanning, there is no block from ESET, as the ad-related scripts are blocked by the adblocker. Without adblocker + without HTTPS scanning, ESET lets me visit the site and only blocks the bad third-party connections. With HTTPS scanning + adblocker installed, ESET completely blocks access to the site.

I believe it's due to the HTTPS protocol: when you enable scanning, it can catch the script; when you disable the HTTPS scanning, it just cannot detect it because it's an encrypted connection.

Because the website is running on HTTPS. For example, if it's accessible on HTTP, then the access will again get blocked even if HTTPS scanning is off.

Edited by Nightowl

  • Administrators

We always block the whole page that contains a malicious JavaScript. If an executable infected with a file infector is detected, it is not possible to block just the virus code and let the executable run without cleaning the virus first either.


8 minutes ago, Nightowl said:

I believe it's due to the HTTPS protocol: when you enable scanning, it can catch the script; when you disable the HTTPS scanning, it just cannot detect it because it's an encrypted connection.

Because the website is running on HTTPS. For example, if it's accessible on HTTP, then the access will again get blocked even if HTTPS scanning is off.

I understand that. But I just think it's too aggressive to block a whole website if the loaded script is related to ads only. It's fine for malicious scripts. Haven't checked recently, but I saw in the past Kaspersky blocking a suspicious ad-related script on a website without fully blocking access to it. Might have seen Bitdefender doing it also on some rare occasion. So, it's possible to do that, but ESET takes a different approach. I prefer Kaspersky's approach, but it is what it is. They have their reasons. Anyway, my default browser is set in the Ignore list of HTTPS scanning mainly because of browsing speed impact (it's fast, but it's slow enough that I notice it on 8/10 websites), so it's not an issue for me. My DNS-based protection and adblocker are enough for me to avoid HTTPS scanning on the browser.


  • Administrators

If a malicious script is loaded from another URL, only the JS is blocked and the website loads normally. However, if it's injected in a legitimate web page, only the whole page can be blocked.


2 minutes ago, Marcos said:

If a malicious script is loaded from another URL, only the JS is blocked and the website loads normally. However, if it's injected in a legitimate web page, only the whole page can be blocked.

I see, interesting. That's good to know. 

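Added illustration, not part of the thread and not ESET's implementation: a toy model of a filter whose only choice is to allow or block a whole HTTP response, showing why an externally loaded script can be dropped on its own while an inline one takes the page with it. The marker string, the URLs and the function names are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

MARKER = "EXAMPLE_ADWARE_MARKER"  # constructed stand-in for a signature match

class ScriptCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.external = []       # absolute URLs from <script src=...>
        self.inline = []         # bodies of <script> elements without src
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(urljoin(self.base_url, src))
            else:
                self._in_inline = True
                self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def blocked_urls(page_url, responses):
    """responses maps URL -> body; a flagged body blocks that whole URL."""
    collector = ScriptCollector(page_url)
    collector.feed(responses[page_url])
    blocked = set()
    # Injected case: the match is inside the page's own response body.
    if any(MARKER in body for body in collector.inline):
        blocked.add(page_url)
    # External case: the match is in a separate response with its own URL.
    for url in collector.external:
        if MARKER in responses.get(url, ""):
            blocked.add(url)
    return blocked

# Constructed sample responses for the two cases described in the thread.
PAGE = "https://site.example/watch"
EXTERNAL_CASE = {PAGE: '<script src="https://ads.example/a.js"></script><p>video</p>',
                 "https://ads.example/a.js": f"/* {MARKER} */"}
INJECTED_CASE = {PAGE: f"<script>/* {MARKER} */</script><p>video</p>"}
```

In the external case only the script URL ends up in the blocked set, so the page still renders; in the injected case the page URL itself is the flagged response.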
