Jump to content

False Positive?


BillH99999

Recommended Posts

  • Staff

If you get that "continue..." choice, that is part of the block page.  You should not even see that.  I verified it is still blocked, which means that the whitelist has not propagated out yet.  It usually takes as much as an hour, though it could be shorter.  Give it a few minutes (and maybe a few more).

Link to post
  • Staff

Under normal circumstances, you would enter a webpage URL and go there.

If you hit a page blocked by Browser Guard, you would get our block page which contains a link that says "I want to continue to this site anyway" (right next to the GO BACK button).  Clicking that allows you to follow that link ONCE.  If you check the "Do not block..." checkbox before clicking the "continue" link, you would not be blocked in the future.  You likely did not check that checkbox.

Here, the link that gets blocked is an unusual one (www.s3.tgrmn.com).  You would not usually have a "www" preceding a subdomain name.  If you remove the "www", you will find that the remainder of that URL yields XML code that is an "access denied" message.  You wouldn't be able to travel that link anyway.

The whitelist has now propagated out, so the block has been removed.  You can see for yourself that it's essentially a deadend.  I do not know the cause.

Link to post
2 minutes ago, gonzo said:

If you hit a page blocked by Browser Guard, you would get our block page which contains a link that says "I want to continue to this site anyway" (right next to the GO BACK button).  Clicking that allows you to follow that link ONCE. 

That is what confused me.  I clicked on it and it didn't allow me to follow the link once.  It just blocked me again.

Link to post
  • Staff

Actually, it didn't block you AGAIN.  You asked to be permitted to go to www.s3.tgrmn.com, and it let you do that.  But because the website is configured strangely, you were sent to s3.tgrmn.com.  The first one is IP 99.84.231.152, and the second one is 99.84.231.188.  It is a uniquely different destination, and you were blocked at that destination as well.  Also, the whitelist entry had not propagated out by the time you tried.  You would get different results now, though they wouldn't be any more satisfying than the last time around.

Link to post

This one is a bit weird. 

I go to www.bulkrenameutility.co.uk and I'm not blocked. 

I click on Free Download and it takes me to https://www.bulkrenameutility.co.uk/Download.php and I am not blocked.  

I click on Install Bulk Rename Utility and it says I am blocked.  The URL it gives as being blocked is www.bulkrenameutility.co.uk which is the one that wasn't blocked the first two times.

Kind of confusing.  Why is the last one being blocked?

Thanks
Bill

Edited by BillH99999
Link to post
  • Staff

It is being blocked because the type of link is a common delivery method for malware.  I have added a whitelist entry for the site to see if this specific piece of the site is affected by whitelisting.

https://www.bulkrenameutility.co.uk/Downloads/BRU_setup.exe

Pages that are EXE download points will often come up as a block.  Give it an hour or so, and let us know if we have not cleared the problem.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.