Hi,
I believe hxxps://jobs.staffs.ac.uk/ is getting a false-positive for trojans... unless, of course, there is a trojan on the system we're not aware of, and there is somewhere I can see exactly why it's being blocked?
To be clear, I am not the website owner (that is Staffordshire University), but I am part of the third-party software supplier who runs the website which is hosted on Staffordshire University servers.
Is it possible to have the block removed?
Here is the excerpt from the log file (which I hope is sufficient)...
08/10/20 " 14:40:12.773" 973234328 144c 2248 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1054 "Connection blocked! ProcessId=16760 ProcessPath=C:\Program Files\Mozilla Firefox\firefox.exe Domain=jobs.staffs.ac.uk Address=52.169.199.180 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
08/10/20 " 14:40:12.773" 973234328 144c 2248 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1919 "Block notification callback 'jobs.staffs.ac.uk' '52.169.199.180' 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20 " 14:40:12.773" 973234328 144c 2248 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1920 "AppDetectionNotification=F, BlockNotification=T"
08/10/20 " 14:40:12.779" 973234328 144c 2248 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1551 "Malicious Website Protection, domainblocklist, 52.169.199.180, jobs.staffs.ac.uk, 443, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe"
08/10/20 " 14:40:12.779" 973234328 144c 222c INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 2022 "Block notification callback impl 'jobs.staffs.ac.uk' '52.169.199.180' 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20 " 14:40:12.780" 973234328 144c 222c INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails "mwaccontrollerimplhelper.cpp" 2006 "White list disposition (0) for 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20 " 14:40:12.785" 973234343 144c 2228 INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV3 "mwaccontroller.cpp" 1990 "Successfully sent the block event data to telemetry server."
And although I guess you don't need it with the above, here is a screen shot...
Many thanks,
Tom (Stonefish Software Ltd)