Tony_M 0 Posted June 28, 2024 Posted June 28, 2024 Hello, I have 1000 alerts for JS/RiskWare.Fingerprint.B associated with Riskified, and I would like to add an exception for https://beacon.riskified.com/. How can I do this? Thank you.
Administrators Marcos 5,735 Posted June 28, 2024 Administrators Posted June 28, 2024 Please create a detection exclusion like this:
Tony_M 0 Posted June 28, 2024 Author Posted June 28, 2024 I added an exclusion to the policy, but I am still receiving alerts.
Administrators Marcos 5,735 Posted June 28, 2024 Administrators Posted June 28, 2024 It's a performance exclusion, in my screenshot it was a detection exclusion. You can exclude the detection name via the Detections panel -> Create exclusion
Tony_M 0 Posted June 28, 2024 Author Posted June 28, 2024 I'm concerned that this might be too large, as I have received alerts for JS/RiskWare.Fingerprint.B, which isn't linked to Riskified. Is there another option ? I don't want to allows all potential threats named S/RiskWare.Fingerprint.B
itman 1,922 Posted June 28, 2024 Posted June 28, 2024 Refer to this posting: https://forum.eset.com/topic/41458-jsriskwarefingerprintb/#comment-186110 . Using a good ad blocker such as uBlock Origin blocks the domain from rendering in the browser.
Tony_M 0 Posted June 28, 2024 Author Posted June 28, 2024 (edited) Thanks but i've already read this post, but in my organization, it's inconceivable to install an add-on like uBlock. Edited June 28, 2024 by Tony_M
itman 1,922 Posted June 28, 2024 Posted June 28, 2024 27 minutes ago, Tony_M said: Why i can't do that ? Did you test to see if it works?
Tony_M 0 Posted June 30, 2024 Author Posted June 30, 2024 The example I provided doesn't exist; I created it using element inspection. My question is why I can't create an exception like this in ESET?
itman 1,922 Posted June 30, 2024 Posted June 30, 2024 (edited) If you refer to the provided detection exclusion by @Marcos https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/?do=findComment&comment=186328, the exclusion only pertains to https://beacon.riskified.com . Edited June 30, 2024 by itman
syndou2019 0 Posted July 15, 2024 Posted July 15, 2024 On 6/30/2024 at 9:14 AM, itman said: If you refer to the provided detection exclusion by @Marcos https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/?do=findComment&comment=186328, the exclusion only pertains to https://beacon.riskified.com . Sorry to post kind of dead thread but this fix does not work for us - we do not have the ability to type in the address and detection type like solution Marcos suggested - they use ESET SMART SECURITY, and not ESET PROTECT Cloud, and I dont think that Tony_M was able to get working either and give up I see this when making exclusion for beacon.riskified detection event Set by Path & Detection - am unable to 'wildcard' domain beacon.riskified - nowhere to edit wildcard Exact File - not confident this will exclude all detection events for all beacon.riskified domain access as different hash for riskified when riskified used on other e-commerce website Detection - excludes every instance of JS/Fingerprint.B - ESET does not recommend excluding entire detection types as it may increase infection chance ESET Documents also say detection cannot be set in policies anymore - see here https://help.eset.com/protect_cloud/en-US/create_exclusion.html So how do we make sure we don't see detection events for all of beacon.riskified.com domain? Should we exclude all of JS/Fingerprint.B? I am not so sure as may be malicious in other detections and websites, no? Thank you for your time I appreciate your responses.
syndou2019 0 Posted July 30, 2024 Posted July 30, 2024 Hello, I have not received a response in two weeks Should I understand that there is not a solution for this?
Administrators Marcos 5,735 Posted July 31, 2024 Administrators Posted July 31, 2024 Are there too many different urls where the detection occurred so that selecting the option "Path & detection" would be cumbersome to use? There's a good chance that in future versions of ESET PROTECT it will be possible to edit the path before creating the exclusion and thus exclude the detection on a whole domain.
P4r4do0x 1 Posted September 18, 2024 Posted September 18, 2024 (edited) Hello @Marcos, just to add context on what the previous @syndou2019 sent, yes, there are way to many different URL's and they're all unique at some point in the full URL contents. For exp, the usual detection is : https://beacon.riskified.com/?shop=https:// site.domain.com&sid=Randomstrings/numbers The &sid= is always unique, therefore it's impossible to add individual exclusions in Protect. Any other suggestions? Edited September 18, 2024 by P4r4do0x Tag
Administrators Marcos 5,735 Posted September 18, 2024 Administrators Posted September 18, 2024 If you don't want to exclude the detection completely, you can add the url to the list of addresses excluded from content scan in the Web access protection setup as follows: P4r4do0x 1
niktrs 0 Posted September 20, 2024 Posted September 20, 2024 On 7/31/2024 at 1:05 PM, Marcos said: Are there too many different urls where the detection occurred so that selecting the option "Path & detection" would be cumbersome to use? There's a good chance that in future versions of ESET PROTECT it will be possible to edit the path before creating the exclusion and thus exclude the detection on a whole domain. One workaround could be editing the exception on the client machine, export to file and then import it on the server.
Recommended Posts