Exclusion of a potentially unsafe application, but only for a specific site or URL

[eitanc 2]

Hi,

I received an alert like the following:

"

Module HTTP filter - Threat Alert triggered on computer PCNAME:  https://beacon.riskified.com/?shop=wolt.com contains JS/Fingerprint.B potentially unsafe application.

"

I wish to have this potentially unsafe application stay enabled in general, but excluded for the relevant full URL, domain or sub-domain - but I didn't find a way to do it. Is there a way to do it?

[itman 1,741]

Refer to this recent posting on the issue: https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/ . Appears there still isn't a way to exclude the detection.

 

[Marcos 5,234]

11 hours ago, itman said:

Refer to this recent posting on the issue: https://forum.eset.com/topic/41524-jsriskwarefingerprintb-riskified/ . Appears there still isn't a way to exclude the detection.

 

The detection can be excluded for a specific url via detection exclusions in the advanced setup. However, in ESET PROTECT it not possible to edit the path when creating a detection exclusion so it would not work for urls that change.

[eitanc 2]

On 8/4/2024 at 11:19 AM, Marcos said:

The detection can be excluded for a specific url via detection exclusions in the advanced setup. However, in ESET PROTECT it not possible to edit the path when creating a detection exclusion so it would not work for urls that change.

Hi @Marcos, the advanced setup of the latest NOD32 > Detect Engine > Detection Exclusions > Add - allows a "path" value of only local drive path (e.g. c:\folder\file), not URLs, per its help page, https://help.eset.com/eav/17/en-US/idh_detection_exclusion.html

[Marcos 5,234]

I didn't find any mention of that url could not be used in the path in the help. It should work.

[itman 1,741]

30 minutes ago, Marcos said:

I didn't find any mention of that url could not be used in the path in the help. It should work.

I just tried to do so. Eset allow entry of URL w/o issue;

 

[eitanc 2]

11 minutes ago, itman said:

I just tried to do so. Eset allow entry of URL w/o issue;

 

Thank you @itman, cool! I tested it now, even by using a path of https://beacon.riskified.com/* and it works as expected.

But, as I noted, if you click the question mark in this windows, you get to a help page, URL added above, about this window, that doesn't mention anything about the ability to use URL and wildcards in the path field, and it is a shame - you have the ability in the product but you don't guide customers to use it, so customers cannot get more precise protection and you do not get good reviews from customers. Better enhance this help page.

[Marcos 5,234]

11 hours ago, eitanc said:

Better enhance this help page.

Appreciate the feedback. Noted and reported to the documentation team.

P_DOC-14762