rduckie 0 Posted March 15, 2016 Share Posted March 15, 2016 Hello all, I resell Eset licensing as a partner and I've received multiple reports that users are unable to access certain legitimate websites. So far I've had reports that Well's Fargo's login page, Microsoft's office365 login page, and Yahoo mail login page were all being blocked by the Anti-Phishing protection within Eset. Each page was reported by a different user from three completely different network environments. Two were using Eset Endpoint Antivirus and the third was using Endpoint Security. So far the fastest way to resolve the issue was to temporarily disable the Anti-Phishing protection module. Has anyone else reported this issue, and is there a way permanently resolve it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted March 16, 2016 Administrators Share Posted March 16, 2016 This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module. Link to comment Share on other sites More sharing options...
kingoftheworld 10 Posted March 16, 2016 Share Posted March 16, 2016 This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module. More importantly, how is this being corrected for the future? This is the second time in two weeks that a bad definition file has been released and has caused significant issues. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted March 17, 2016 Administrators Share Posted March 17, 2016 This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module. More importantly, how is this being corrected for the future? This is the second time in two weeks that a bad definition file has been released and has caused significant issues. In this case, users had an option to click a button to continue to the desired web page. Usually issues are not caused by a single failure and it's a chain of events that cause an issue in the end. While the former FP was caused by changes in an internal tool for pre-processing URLs, this time it was a false positive of a phishing database provider that also some other vendors use but made it to the update in error. We have taken measures to prevent FPs like that on popular domains. Link to comment Share on other sites More sharing options...
kingoftheworld 10 Posted March 17, 2016 Share Posted March 17, 2016 Well This FP was fixed shortly after you reported it yesterday. We responded quickly to it by pausing updates and releasing a fixed module. More importantly, how is this being corrected for the future? This is the second time in two weeks that a bad definition file has been released and has caused significant issues. In this case, users had an option to click a button to continue to the desired web page. Usually issues are not caused by a single failure and it's a chain of events that cause an issue in the end. While the former FP was caused by changes in an internal tool for pre-processing URLs, this time it was a false positive of a phishing database provider that also some other vendors use but made it to the update in error. We have taken measures to prevent FPs like that on popular domains. Well actually this was not the case. This false positive blocking https://login.microsoftonline.comprevented the proper use of our Microsoft Skype for Business client as it continuously prompted for a username and password and rejected any entry. Since this was not presented in a web browser, there was not option for the end user to override. The only work around was to disable protection or roll back updates. Link to comment Share on other sites More sharing options...
Recommended Posts