Tony_M 0 Posted June 28 Share Posted June 28 Hello, I have 1000 alerts for JS/RiskWare.Fingerprint.B associated with Riskified, and I would like to add an exception for https://beacon.riskified.com/. How can I do this? Thank you. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,392 Posted June 28 Administrators Share Posted June 28 Please create a detection exclusion like this: Quote Link to comment Share on other sites More sharing options...
Tony_M 0 Posted June 28 Author Share Posted June 28 I added an exclusion to the policy, but I am still receiving alerts. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,392 Posted June 28 Administrators Share Posted June 28 It's a performance exclusion, in my screenshot it was a detection exclusion. You can exclude the detection name via the Detections panel -> Create exclusion Quote Link to comment Share on other sites More sharing options...
Tony_M 0 Posted June 28 Author Share Posted June 28 I'm concerned that this might be too large, as I have received alerts for JS/RiskWare.Fingerprint.B, which isn't linked to Riskified. Is there another option ? I don't want to allows all potential threats named S/RiskWare.Fingerprint.B Quote Link to comment Share on other sites More sharing options...
itman 1,783 Posted June 28 Share Posted June 28 Refer to this posting: https://forum.eset.com/topic/41458-jsriskwarefingerprintb/#comment-186110 . Using a good ad blocker such as uBlock Origin blocks the domain from rendering in the browser. Quote Link to comment Share on other sites More sharing options...
Tony_M 0 Posted June 28 Author Share Posted June 28 (edited) Thanks but i've already read this post, but in my organization, it's inconceivable to install an add-on like uBlock. Edited June 28 by Tony_M Quote Link to comment Share on other sites More sharing options...
Tony_M 0 Posted June 28 Author Share Posted June 28 Why i can't do that ?🤨 Quote Link to comment Share on other sites More sharing options...
itman 1,783 Posted June 28 Share Posted June 28 27 minutes ago, Tony_M said: Why i can't do that ? Did you test to see if it works? Quote Link to comment Share on other sites More sharing options...
Tony_M 0 Posted June 30 Author Share Posted June 30 The example I provided doesn't exist; I created it using element inspection. My question is why I can't create an exception like this in ESET? Quote Link to comment Share on other sites More sharing options...
itman 1,783 Posted June 30 Share Posted June 30 (edited) If you refer to the provided detection exclusion by @Marcos https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/?do=findComment&comment=186328, the exclusion only pertains to https://beacon.riskified.com . Edited June 30 by itman Quote Link to comment Share on other sites More sharing options...
syndou2019 0 Posted July 15 Share Posted July 15 On 6/30/2024 at 9:14 AM, itman said: If you refer to the provided detection exclusion by @Marcos https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/?do=findComment&comment=186328, the exclusion only pertains to https://beacon.riskified.com . Sorry to post kind of dead thread but this fix does not work for us - we do not have the ability to type in the address and detection type like solution Marcos suggested - they use ESET SMART SECURITY, and not ESET PROTECT Cloud, and I dont think that Tony_M was able to get working either and give up I see this when making exclusion for beacon.riskified detection event Set by Path & Detection - am unable to 'wildcard' domain beacon.riskified - nowhere to edit wildcard Exact File - not confident this will exclude all detection events for all beacon.riskified domain access as different hash for riskified when riskified used on other e-commerce website Detection - excludes every instance of JS/Fingerprint.B - ESET does not recommend excluding entire detection types as it may increase infection chance ESET Documents also say detection cannot be set in policies anymore - see here https://help.eset.com/protect_cloud/en-US/create_exclusion.html So how do we make sure we don't see detection events for all of beacon.riskified.com domain? Should we exclude all of JS/Fingerprint.B? I am not so sure as may be malicious in other detections and websites, no? Thank you for your time I appreciate your responses. Quote Link to comment Share on other sites More sharing options...
syndou2019 0 Posted July 30 Share Posted July 30 Hello, I have not received a response in two weeks Should I understand that there is not a solution for this? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,392 Posted July 31 Administrators Share Posted July 31 Are there too many different urls where the detection occurred so that selecting the option "Path & detection" would be cumbersome to use? There's a good chance that in future versions of ESET PROTECT it will be possible to edit the path before creating the exclusion and thus exclude the detection on a whole domain. Quote Link to comment Share on other sites More sharing options...
P4r4do0x 1 Posted September 18 Share Posted September 18 (edited) Hello @Marcos, just to add context on what the previous @syndou2019 sent, yes, there are way to many different URL's and they're all unique at some point in the full URL contents. For exp, the usual detection is : https://beacon.riskified.com/?shop=https:// site.domain.com&sid=Randomstrings/numbers The &sid= is always unique, therefore it's impossible to add individual exclusions in Protect. Any other suggestions? Edited September 18 by P4r4do0x Tag Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,392 Posted September 18 Administrators Share Posted September 18 If you don't want to exclude the detection completely, you can add the url to the list of addresses excluded from content scan in the Web access protection setup as follows: P4r4do0x 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.