JS/Agent.NOQ trojan - Why is ESET still blocking this website

[Sonoran Desert 7]

ESS8 is blocking access to the website hxxp://www.puebloarts(111).orgbut if I use another computer running Webroot or Windows Defender I can access this site.

Virustotal.com does state there is one detection for this site by 'ADMINUSLabs" but also shows in the list that ESET says it is a clean site.

 

If virustotal.com is showing that ESET says it is a clean site why is ESET not allowing access to this site by saying it detects JS/Agent.NOQ trojan?

 

If this is an FP, how do I tell ESS8 to stop blocking it?

[ken1943 22]

I got blocked testing it. I didn't get a pop up warning. How come ?

[Marcos 5,074]

The website was compromised (looks like a SEO poisoning attack) and contains hidden text starting with "100% Authentic bee pollen and weight loss weight loss pills for you, Free Shipping to Worldwide...".

[Marcos 5,074]

If virustotal.com is showing that ESET says it is a clean site why is ESET not allowing access to this site by saying it detects JS/Agent.NOQ trojan?

 

On VirusTotal the website was shown as not blocked by ESET because it's not on ESET's blacklist. However, it was the malicious script which was detected upon download. 

[Sonoran Desert 7]

Marcos, thanks for the reply, clarification/information.

In my wife's' business it was required for her to go to this site and view some photos. It was an inconvenience to not be able to view the site with ESET blocking it.

As I mentioned earlier, we used a computer with Windows Defender which allowed access to the site.

After viewing the site on the non ESET computer I did a scan with ESET online scanner and nothing was detected.

 

How serious is the JS/Agent.NOQ trojan and would I (should I) be able to add an exclusion in ESET to be able to visit this site in the future?

I'm thinking too the owners of this website probably don't know it's being flagged by ESET.

Any further info/opinion would be most appreciated.

[Marcos 5,074]

I'd strongly not recommend excluding an infected website from scanning. Instead, contact the owner and inform him or her about the infection on the website. After they have cleaned it, ESET will not detect the malware and block the website any more.

[Sonoran Desert 7]

Thank you for the prompt reply and info.

I did contact the webmaster of this site to inform them.

 

It's interesting Webroot did not detect this and of course Windows Defender could not be expected to.

The dead on accuracy and outstanding support is why I use and stay with ESET.  

[SweX 871]

The web access protection is not active on VirusTotal afaik when you run a URL check, in the product WAP scans web content in real-time as it is loaded in the browser and will detect and block threats if anything is found like in your case. Windows defender does not include any type of web protection afaik, so no surprise that it said nothing about it.

 

Exluding the website to be able to access it = bad idea. Better have them clean the site so your wife (and others) can access it safely afterwards.