jkstark

  1. OK - so the file is on their site... I still question the logic of blocking the entire domain for a single file... Note that I have no affiliation with the site other than trying to go there and get information on a product that I have... Kris
  2. A single file on the domain? Or is that even on that domain? I see where it is referring to a keygen, but I have no idea where that is found - VT does not show the origin site. Even then, I have to question the idea of blocking an entire domain unless the site is a source of a drive-by download, or is comprised mainly of malicious content. For a single file to be the cause of a block seems a tad bit excessive if it requires knowledge of where the file is specifically... This seems like the kind of a situation where informing the domain owner would be ideal to resolving, since it is a hardware manufacturer's site, and the particular domain is a redirect primarily - thus indicating a domain that probably does not always have a whole lot of attention paid to it since there should be nothing directly accessible there - or so it seems from a first glance...
  3. Yet another apparent FP - tecknetonline.com Virustotal: https://www.virustotal.com/gui/url/0cbe5aa2d1e244568479e2e175397db66f984e6aee4cb17927af3de1e26253d3/detection Seems to me that "Riskware" should not block an entire domain even if there is some there - it should block the actual program that is shown to be problematic... This seems like a bit of an overreach... Kris Seem
  4. It appears that Untroubled.org as a whole is being blocked; Virustotal comes up clean on the site: This is a page: https://www.virustotal.com/gui/url/c17885174580a1fd407c1d0523d667d1426e279f5c11341b468f168d0172d6c4/detection And the root of the site: https://www.virustotal.com/gui/url/7afd0a370aa9e98e70d3d5536a3b7c701e9f9cfeed12016b91f52ed350a866d5/detection
  5. Sorry - but this one did not clear with the whitelisting either... Still showing up as blocked in both the app and the browser extension, just as the Cox site is..
  6. https://www.virustotal.com/gui/url/586634761d0c1cd3714d9bddb4cf4e34b86482b801086e706eaddbc35a726112/detection
  7. I can't find any reason for this to be blocked - can you verify please and indicate what kind of riskware is this referencing, or if none, why is the FP there... covid-19supplies.net TNX Kris
  8. Whitelisted? This is 5 hours after your whitelisting:
  9. jkstark

    TLD block

    Thank you. I assumed that you are not the person who decided upon such a policy, but obviously I do not have any idea as to who did make that policy, or how to contact them. It would stand to reason that somebody did come up with this idea, and that it also stands to reason (from simply reading through some of the topics here) that the policy is not only causing issues for me, but for a number of others as well. As to the domain level unblock vs the single host... I simply sent an image of what I was presented, with what I thought was reasonably clear in describing that the idea of a wholesale block was asinine... Seeing as the host that I provided was a second level subdomain, it would stand to reason that I am probably not referring to a single host - for that matter, I can't even begin to think as to how big your whitelist is getting to be if you by default whitelist single FQDNs, as opposed to domain level names. I apologize for not making myself any clearer and making the assumption that a domain level whitelist would have been put in place as the owner of a domain... Speaking of the whitelist - where can we see what that is? Also, I have asked before as well, but have not received any response as to where a domain / host / file can be validated as being in a blacklist or not, and especially for domains/hosts, what the evidence is for placing them in that blacklist, or at the very least a reason for them being in the blacklist, even if direct evidence is not shown. Don't get me wrong - I like the product generally, and have purchased several licenses for installation on machines for several years now, but these kinds of problems are making me have to rethink the idea of supporting the organization or recommending the product... Tnx Kris
  10. jkstark

    TLD block

    Just the one, or a wildcard under that domain? Looking at other addresses, I see that it is just the single host - which is insane... While this is our corporate domain, and thus has several hosts internally that are not externally accessible, there are also a number of hosts that are designed to be accessed from the outside world. A single host being whitelisted is a backward process; you would not go and blacklist an entire .COM TLD, or a .FI, or even a .CX, and then provide whitelisting to a restricted number of hosts. While I can understand that there is a whole rash of bad actors at certain new TLDs, blocking an entire TLD is not an effective solution to fix this. If you want to take a reasonable approach, block "new" domains, until you have a chance to validate the host in question. However, domains that have been active for months or years should not have to deal with finding themselves categorically blacklisted because of a blanket blacklist without any validation. Beyond that, as I mentioned, your wording for what the error actually is and what is the cause of the alert as displayed is misleading and extremely difficult to understand for an average internet user. The end result of that is a rise in support calls to staff for organizations whose hosts have been blacklisted. In this case - the error relates to a series of sites providing a service by the State of New York; your blanket blacklist is causing certain state employees from being able to complete their tasks, and preventing businesses in the state from being able to communicate with the state for regulatory issues... Please rethink your policies and provide for easier ways to make sure that false positives cannot happen easily, and when they do, provide automated systems for validating and fixing those false positives. 
I also can't be left in a situation where I have to check with you every time a new host is added to the domain to make sure that it also gets whitelisted - that is simply ineffective, overbearing, and inefficient... TNX Kris
  11. jkstark

    TLD block

    So - came across another TLD block that is an issue, and a further issue in that the information presented to the user is vague and misleading.. The initial wording makes perfect sense to people who have a background in networking/IT. To the lay person, it means nothing. The description below also does not say anything about what a TLD actually is. The problem that I have with this is that the wording makes it seem to a lay person that the website that they are trying to visit is suspicious, not just that you block the entirety of the BIZ domain by default. While I have seen a large number of suspicious new TLDs such as '.CLUB', the BIZ TLD is significantly older and used by a good number of legit businesses. Sure, there are bad apples there too... However, if you want to block an entire TLD, you MUST make it extremely clear and explicit to the user that the block is because you block *ALL* .BIZ addresses, and not just the domain that the user is trying to get to. I also have a really hard time accepting that MB does not have a validation server for users (and outsiders) to check to see if a specific site is blocked and what the reasoning/evidence is for that block - something that I have had a need for earlier. I am a customer, and am generally pretty satisfied by the efficiency of the software and the level of protection, but the number of false positives is truly troubling. Please whitelist permanently - and rethink your message wording and your policy of wholesale blacklisting of TLDs... Tnx Kris
  12. So - I was attempting to go and take a look at the webpage of a hotel - www.augustlodge.com which resolves to 192.185.5.238. As you can imagine (since I'm here) the site was blocked. I came to the site here to find a lookup tool that would indicate which sites are *currently* listed as blocked, and why - and to my surprise did not find one. I hope that is due to my inability to search fully, and that you do have a lookup tool for sites which would indicate the status and the reason for that status. I realize that I technically *can* put into place an exception, based on the fact that virustotal does not find anything suspicious about the site, but that is not my intent at this stage. If I were to be able to see why the site is blocked, then I might be able to make a reasonable risk analysis to see if it should have a whitelist added to it or not. Looking through the source for the page, I do not see anything suspicious (using a computer without MB on it) either. However, the point is that I am loath to ask any of the other users on this multi-computer license to place a specific site on their whitelist, as the idea behind this all is to keep them all safe without having to jump through hoops. On the other hand, if there is no valid way to validate a site to check for a FP, then the contents of the entire list become suspect... Further - your support chat is somehow "unavailable" during hours that you list it as being valid - what's up with that? Please, let me know ASAP as to the status of this domain so I don't have to deal with angry users either... Tnx Kris