jkstark

  1. jkstark

    FP site block

    This was listed as a reputation block - what triggered that, I don't know. It is also one of those cases where Sucuri is not always a very good system for verification - they list a whole lot of errors when they receive a 403 response, which is caused by the WAF blocking the direct request that they are running... Oh well...
  2. jkstark

    FP site block

    OK - I get that. However, this is a site that has had 12,000 visits a month on average, with a high of over 70,000. The site has been there for 14 years, though there have been both host changes over the years as well as backend software changes. Seems suspect that it would be considered lightly-accessed, or new. No idea what the "niche" status would be either... (BTW - radio propagation? Specific bands for general or personal use?) tnx - Kris
  3. jkstark

    FP site block

    This is strange... Browser Guard is blocking https://www.silknaturals.com while MB Premium which is also monitoring traffic does not block. Nothing shows up with Virustotal either... It gets truly frustrating that sites get blocked without any clear indication as to why, and no place to verify what is the cause of the block. As such, there is no way to independently verify if it is safe to bypass the block, or if there should be one there at all. The complete and utter randomness of when and how this happens is truly frustrating - in the time I have used the products, I think it may have blocked 1 malicious site, but probably about 15 false positives. What is going on? What is your criteria for inclusion, and how do you retest and validate the real-time validity of your blocklists? Frustratingly, I suspect that I'll get nothing more than a one-liner response to this one as well - I've tried to get answers similar to this several times now, and every time it gets buried under the rug as if there is no reason for you to burden your paying customers with any information about the validity of the product. I will certainly keep at least one subscription alive at all times only so as to be able to find the blocks when other clients/customers/users ask me why they can't get in to sites here and there, but for our own organization, I am really having to rethink the business case of continuing to purchase subscriptions for our own machines, and rethink my recommending the product for others without some indication of responsibility and transparency...
  4. OK - so the file is on their site... I still question the logic of blocking the entire domain for a single file... Note that I have no affiliation with the site other than trying to go there and get information on a product that I have... Kris
  5. A single file on the domain? Or is that even on that domain? I see where it is referring to a keygen, but I have no idea where that is found - VT does not show the origin site. Even then, I have to question the idea of blocking an entire domain unless the site is a source of a drive-by download, or is comprised mainly of malicious content. For a single file to be the cause of a block seems a tad bit excessive if it requires knowledge of where the file is specifically... This seems like the kind of a situation where informing the domain owner would be ideal to resolving, since it is a hardware manufacturer's site, and the particular domain is a redirect primarily - thus indicating a domain that probably does not always have a whole lot of attention paid to it since there should be nothing directly accessible there - or so it seems from a first glance...
  6. Yet another apparent FP - tecknetonline.com Virustotal: https://www.virustotal.com/gui/url/0cbe5aa2d1e244568479e2e175397db66f984e6aee4cb17927af3de1e26253d3/detection Seems to me that "Riskware" should not block an entire domain even if there is some there - it should block the actual program that is shown to be problematic... This seems like a bit of an overreach... Kris Seem
  7. It appears that Untroubled.org as a whole is being blocked; Virustotal comes up clean on the site: This is a page: https://www.virustotal.com/gui/url/c17885174580a1fd407c1d0523d667d1426e279f5c11341b468f168d0172d6c4/detection And the root of the site: https://www.virustotal.com/gui/url/7afd0a370aa9e98e70d3d5536a3b7c701e9f9cfeed12016b91f52ed350a866d5/detection
  8. Sorry - but this one did not clear with the whitelisting either... Still showing up as blocked in both the app and the browser extension, just as the Cox site is..
  9. https://www.virustotal.com/gui/url/586634761d0c1cd3714d9bddb4cf4e34b86482b801086e706eaddbc35a726112/detection
  10. I can't find any reason for this to be blocked - can you verify please and indicate what kind of riskware is this referencing, or if none, why is the FP there... covid-19supplies.net TNX Kris
  11. Whitelisted? This is 5 hours after your whitelisting:
  12. jkstark

    TLD block

    Thank you. I assumed that you are not the person who decided upon such a policy, but obviously I do not have any idea as to who did make that policy, or how to contact them. It would stand to reason that somebody did come up with this idea, and that it also stands to reason (from simply reading through some of the topics here) that the policy is not only causing issues for me, but for a number of others as well. As to the domain level unblock vs the single host... I simply sent an image of what I was presented, with what I thought was reasonably clear in describing that the idea of a wholesale block was asinine... Seeing as the host that I provided was a second level subdomain, it would stand to reason that I am probably not referring to a single host - for that matter, I can't even begin to think as to how big your whitelist is getting to be if you by default whitelist single FQDNs, as opposed to domain level names. I apologize for not making myself any clearer and making the assumption that a domain level whitelist would have been put in place as the owner of a domain... Speaking of the whitelist - where can we see what that is? Also, I have asked before as well, but have not received any response as to where a domain / host / file can be validated as being in a blacklist or not, and especially for domains/hosts, what the evidence is for placing them in that blacklist, or at the very least a reason for them being in the blacklist, even if direct evidence is not shown. Don't get me wrong - I like the product generally, and have purchased several licenses for installation on machines for several years now, but these kinds of problems are making me have to rethink the idea of supporting the organization or recommending the product... Tnx Kris
  13. jkstark

    TLD block

    Just the one, or a wildcard under that domain? Looking at other addresses, I see that it is just the single host - which is insane... While this is our corporate domain, and thus has several hosts internally that are not externally accessible, there are also a number of hosts that are designed to be accessed from the outside world. A single host being whitelisted is a backward process; you would not go and blacklist an entire .COM TLD, or a .FI, or even a .CX, and then provide whitelisting to a restricted number of hosts. While I can understand that there is a whole rash of bad actors at certain new TLDs, blocking an entire TLD is not an effective solution to fix this. If you want to take a reasonable approach, block "new" domains, until you have a chance to validate the host in question. However, domains that have been active for months or years should not have to deal with finding themselves categorically blacklisted because of a blanket blacklist without any validation. Beyond that, as I mentioned, your wording for what the error actually is and what is the cause of the alert as displayed is misleading and extremely difficult to understand for an average internet user. The end result of that is a rise in support calls to staff for organizations whose hosts have been blacklisted. In this case - the error relates to a series of sites providing a service by the State of New York; your blanket blacklist is causing certain state employees from being able to complete their tasks, and preventing businesses in the state from being able to communicate with the state for regulatory issues... Please rethink your policies and provide for easier ways to make sure that false positives cannot happen easily, and when they do, provide automated systems for validating and fixing those false positives. I also can't be left in a situation where I have to check with you every time a new host is added to the domain to make sure that it also gets whitelisted - that is simply ineffective, overbearing, and inefficient... TNX Kris
  14. jkstark

    TLD block

    So - came across another TLD block that is an issue, and a further issue in that the information presented to the user is vague and misleading.. The initial wording makes perfect sense to people who have a background in networking/IT. To the lay person, it means nothing. The description below also does not say anything about what a TLD actually is. The problem that I have with this is that the wording makes it seem to a lay person that the website that they are trying to visit is suspicious, not just that you block the entirety of the BIZ domain by default. While I have seen a large number of suspicious new TLDs such as '.CLUB', the BIZ TLD is significantly older and used by a good number of legit businesses. Sure, there are bad apples there too... However, if you want to block an entire TLD, you MUST make it extremely clear and explicit to the user that the block is because you block *ALL* .BIZ addresses, and not just the domain that the user is trying to get to. I also have a really hard time accepting that MB does not have a validation server for users (and outsiders) to check to see if a specific site is blocked and what the reasoning/evidence is for that block - something that I have had a need for earlier. I am a customer, and am generally pretty satisfied by the efficiency of the software and the level of protection, but the number of false positives is truly troubling. Please whitelist permanently - and rethink your message wording and your policy of wholesale blacklisting of TLDs... Tnx Kris
  15. So - I was attempting to go and take a look at the webpage of a hotel - www.augustlodge.com which resolves to 192.185.5.238. As you can imagine (since I'm here) the site was blocked. I came to the site here to find a lookup tool that would indicate which sites are *currently* listed as blocked, and why - and to my surprise did not find one. I hope that is due to my inability to search fully, and that you do have a lookup tool for sites which would indicate the status and the reason for that status. I realize that I technically *can* put into place an exception, based on the fact that virustotal does not find anything suspicious about the site, but that is not my intent at this stage. If I were to be able to see why the site is blocked, then I might be able to make a reasonable risk analysis to see if it should have a whitelist added to it or not. Looking through the source for the page, I do not see anything suspicious (using a computer without MB on it) either. However, the point is that I am loath to ask any of the other users on this multi-computer license to place a specific site on their whitelist, as the idea behind this all is to keep them all safe without having to jump through hoops. On the other hand, if there is no valid way of validating a site to check for a FP, then the contents of the entire list become suspect... Further - your support chat is somehow "unavailable" during hours that you list it as being valid - what's up with that? Please, let me know ASAP as to the status of this domain so I don't have to deal with angry users either... Tnx Kris