help_needed 0 Posted July 27 Share Posted July 27 Using ESET Smart Security Premium 17.2.7.0 I've tried disabling "Web access protection" completely and also tried adding the website to URL list management allowed list. Tried adding the website to URL list management excluded list. None of the solutions work, it still blocks the traffic from the website. What am I doing wrong? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted July 27 Administrators Share Posted July 27 What website do you mean? Was there a threat detected when you opened it? Please post a screenshot of the alert for clarification. Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 Pretty sure that they generate the address dynamically. You're supposed to watch a video or click on some ads to get the link. The sight blocked is the one at the bottom, I guess this is where the script is located Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted July 28 Administrators Share Posted July 28 What website / url did you initially open in a browser? Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 https://content-hub.club/s?GkIw Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted July 28 Administrators Share Posted July 28 I'd recommend keeping away from that site. The detection is correct. And there's no useful content either anyways: Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 (edited) Actually there is, once you do what you're supposed to (you can see the step, they can be different, that's how these guys generate money). What I don't understand is why with all the settings (included *cloudfront.net in allowed and excluded list) it still gets blocked? Edited July 28 by help_needed Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted July 28 Administrators Share Posted July 28 4 minutes ago, help_needed said: What I don't understand is why with all the settings (included *cloudfront.net in allowed and excluded list) it still gets blocked? That would circumvent url blacklist but not actual threat detections. Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 So what should I do? Quote Link to comment Share on other sites More sharing options...
duytoi 0 Posted July 28 Share Posted July 28 2 hours ago, help_needed said: So what should I do? This might be a redirect website or a survey site to make money, but ESET checks and blocks it to prevent threats to Internet users, which is appropriate. Often, such sites tend to collect personal information. Follow the admin's advice, stay away from it, or you don't need to do anything. Alternatively, you can remove ESET from your computer and browse the web freely, which means you won't be protected. Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted July 28 Share Posted July 28 (edited) 8 hours ago, help_needed said: https://content-hub.club/s?GkIw Eset initially detects this web site as a PUA. Notice that you are being redirected to another web site. Also, the redirected web site changes for each access. This alone should be warning enough to not access the web site. Edited July 28 by itman Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 I understand that I'm entering a dangerous territory but if it's ,my decision to enter I should be able to do it. Is the only option to pause threat detection or I can do something else? Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted July 28 Share Posted July 28 It's impossible to create an Eset exclusion for https://content-hub.club/s?GkIw. What is being detected/blocked is the domain redirect from it. Since the domain redirect changes with each access to https://content-hub.club/s?GkIw, there is no way to predetermine what the domain name is and set an exclusion for it. You could create an Eset real-time Detection exclusion for JS/Adware.Agent.CZ but that would apply to any web site you might access; something you definitely don't want to do. If you decide to proceed with this exclusion and get infected with malware, do not ask for malware removal assistance on this web site. Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 There's no need to keep the exclusion active at all times, I can use it only when I need it. Since I will not be downloading anything from these websites (I'm not that stupid) the only potential threat would be some high level 0-day exploit since my system is fully updated. What I would like is an instruction on how to create this exception and use it as needed Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted July 28 Share Posted July 28 Per sucuri.net analysis, https://content-hub.club/s?GkIw redirects to https://kmendation.com/s?GkIw . You can add it as an Eset web site malware scan exclusion per the below screen shot. If that doesn't work, you're on your own as far as setting up the correct web site malware scan exclusion; Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 28 Author Share Posted July 28 (edited) As it was discussed before, addition to the list will not prevent threat detection. Detection is not prevented even if I pause "Real time file system protection" or "Web access protection" Edited July 28 by help_needed Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted July 29 Administrators Share Posted July 29 Adding blocked urls to the list of allowed websites as well as creating a detection exclusion like this would allow you to open the site at your risk: Quote Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted July 29 Share Posted July 29 Add to detection exclusion as Marcos showed above. But at least visit websites like this in your browser's Private/Incognito mode. Quote Link to comment Share on other sites More sharing options...
help_needed 0 Posted July 29 Author Share Posted July 29 This fixes the detection problem but something is still blocking the traffic since I just get the circle spinning endlessly. I guess I'll have to keep on digging. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.