Jump to content

JS/RiskWare.Fingerprint.B | Riskified


Recommended Posts

Hello,

I have 1000 alerts for JS/RiskWare.Fingerprint.B associated with Riskified, and I would like to add an exception for https://beacon.riskified.com/.

How can I do this?

Thank you.

Link to comment
Share on other sites

I added an exclusion to the policy, but I am still receiving alerts.
 

image.png.7ed6461915848563f532a3a1eaff1bf9.png

 

 

Link to comment
Share on other sites

  • Administrators

It's a performance exclusion, in my screenshot it was a detection exclusion. You can exclude the detection name via the Detections panel -> Create exclusion

 

image.png

Link to comment
Share on other sites

I'm concerned that this might be too large, as I have received alerts for JS/RiskWare.Fingerprint.B, which isn't linked to Riskified. Is there another option ? I don't want to allows all potential threats named S/RiskWare.Fingerprint.B 

Link to comment
Share on other sites

Posted (edited)
Thanks but i've already read this post, but in my organization, it's inconceivable to install an add-on like uBlock.
Edited by Tony_M
Link to comment
Share on other sites

27 minutes ago, Tony_M said:

Why i can't do that ?

Did you test to see if it works?

Link to comment
Share on other sites

The example I provided doesn't exist; I created it using element inspection. My question is why I can't create an exception like this in ESET?

Link to comment
Share on other sites

  • 3 weeks later...
On 6/30/2024 at 9:14 AM, itman said:

If you refer to the provided detection exclusion by @Marcos https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/?do=findComment&comment=186328, the exclusion only pertains to https://beacon.riskified.com .

 

Sorry to post kind of dead thread but this fix does not work for us - we do not have the ability to type in the address and detection type like solution Marcos suggested - they use ESET SMART SECURITY, and not ESET PROTECT Cloud, and I dont think that Tony_M was able to get working either and give up

I see this when making exclusion for beacon.riskified detection event

Set by Path & Detection - am unable to 'wildcard' domain beacon.riskified - nowhere to edit wildcard

image.png.3f7f8b13e1df7376c8c6f22c975c956a.png

 

Exact File - not confident this will exclude all detection events for all beacon.riskified domain access as different hash for riskified when riskified used on other e-commerce website

image.thumb.png.bca2127a5d60b9e482834f6176c1b86f.png

 

Detection - excludes every instance of JS/Fingerprint.B - ESET does not recommend excluding entire detection types as it may increase infection chance

image.thumb.png.b6784442d5cd187636ecfcb6e0712a9c.png

ESET Documents also say detection cannot be set in policies anymore - see here https://help.eset.com/protect_cloud/en-US/create_exclusion.html

image.png.19343898082d13fa4c8339acde70aa4a.png

So how do we make sure we don't see detection events for all of beacon.riskified.com domain? 

Should we exclude all of JS/Fingerprint.B? I am not so sure as may be malicious in other detections and websites, no?

Thank you for your time I appreciate your responses.

 

Link to comment
Share on other sites

  • 2 weeks later...
  • Administrators

Are there too many different urls where the detection occurred so that selecting the option "Path & detection" would be cumbersome to use? There's a good chance that in future versions of ESET PROTECT it will be possible to edit the path before creating the exclusion and thus exclude the detection on a whole domain.

Link to comment
Share on other sites

  • 1 month later...

Hello @Marcos, just to add context on what the previous  @syndou2019 sent, yes, there are way to many different URL's and they're all unique at some point in the full URL contents. For exp, the usual detection is
https://beacon.riskified.com/?shop=https:// site.domain.com&sid=Randomstrings/numbers

The &sid= is always unique, therefore it's impossible to add individual exclusions in Protect. Any other suggestions?

Edited by P4r4do0x
Tag
Link to comment
Share on other sites

  • Administrators

If you don't want to exclude the detection completely, you can add the url to the list of addresses excluded from content scan in the Web access protection setup as follows:

image.png

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...