Chandramathi Posted December 31, 2019 ID:1353387 Share Posted December 31, 2019 We, Zoho WorkDrive are a Cloud based Content Collaboration Software provided by Zoho Corporation; check this link - https://www.zoho.com/workdrive/ for more details. Our product has a https://help.zoho.com/portal/kb/articles/external-file-sharing-in-team-folder#To_share_a_file_externally_from_a_Team_Folder which allows files/folders uploaded to WorkDrive and can be shared to everyone on the internet by generating an external link for the file. These hyperlinks are shortened links such as this one https://tdrive.li/J8HFH_WorkDriveDemo. Recently some of our customer complained that the following domain https://tdrive.li has been blocked by malwarebytes. Is it possible to whitelist the mentioned domain? And also can you let us know why the above domain has been blacklisted/blocked by malwarebytes? Link to post
Staff Solution Dashke Posted December 31, 2019 Staff Solution ID:1353397 Share Posted December 31, 2019 We are not blocking this domain with MB. Can you please attach a screenshot? Link to post
Chandramathi Posted December 31, 2019 Author ID:1353401 Share Posted December 31, 2019 Hi @Dashke, This was reported by some of our customers. Will try to gather necessary information from them and get back to you. Link to post
leo3487 Posted January 12, 2020 ID:1355532 Share Posted January 12, 2020 Blocked by Browser Guard due reputation Link to post
leo3487 Posted January 13, 2020 ID:1355581 Share Posted January 13, 2020 @gonzo check it Link to post
redwolfe_98 Posted January 13, 2020 ID:1355648 Share Posted January 13, 2020 in my opinion, "tdrive.li" should not be unblocked. it is a "SHORTENED URL" used for downloading files from "zoho-drive" where anyone can upload any file, including malware, and then use the "tdrive.li" URL for distributing the malware across the internet. it is potentially a huge security-risk. i am concerned that malwarebytes might simply unblock everything simply because someone requested it without considering that it might not be a good idea to unblock it, making MBG useless. Link to post
redwolfe_98 Posted January 13, 2020 ID:1355651 Share Posted January 13, 2020 as can be seen in the screenshot, it is easy to continue to the website (or whatever the link is pointing to) without whitelisting the URL. MBG just shows a warning that downloading files from the website is a (huge) security-risk. Link to post
redwolfe_98 Posted January 13, 2020 ID:1355653 Share Posted January 13, 2020 individuals who want to risk downloading and executing files from zoho-drive can whitelist the URL's on their own individual computers. note the option for "do not block this site again for (downloading) malware" Link to post
leo3487 Posted January 13, 2020 ID:1355671 Share Posted January 13, 2020 55 minutes ago, redwolfe_98 said: individuals who want to risk downloading and executing files from zoho-drive can whitelist the URL's on their own individual computers. note the option for "do not block this site again for (downloading) malware" Your pointy is not valid, as with same think Malwarebytes should block Onedrive, Dropbox, Mega, MediaFire, etc file-sharing services Link to post
Chandramathi Posted January 13, 2020 Author ID:1355680 Share Posted January 13, 2020 Hi @redwolfe_98, Thank you for sharing your comments. I'd like to inform you that the shortened_url domain itself is not a malicious site and here are the steps we perform to ensure that malware content does not get hosted from Zoho WorkDrive : 1. We do have an Anti Virus scan in place which validates the files during upload. So most malwares can not be uploaded to the cloud at all. 2. We also do have a spam and fraudulence detection algorithm in place which identifies if the uploaded files are phishing documents. So most spamming documents do get filtered out as spam and never get published. Despite our best efforts to identify spam and spammers a few spam files did get published which were duly pulled down. So we do think presence of one or two links should not cause the entire domain "tdrive.li" to be considered a threat. Rather the individual link that had the spam file can be considered a threat. Link to post
Chandramathi Posted January 13, 2020 Author ID:1355681 Share Posted January 13, 2020 Hi @Dashke Is it possible to remove the warning sign that appears for the"tdrive.li" domain? Link to post
Staff gonzo Posted January 13, 2020 Staff ID:1355712 Share Posted January 13, 2020 It has been whitelisted. Link to post
Chandramathi Posted January 14, 2020 Author ID:1355838 Share Posted January 14, 2020 Hi @gonzo, Thank you for delisting and can you let us know why the domain was blacklisted? Link to post
exile360 Posted January 14, 2020 ID:1355866 Share Posted January 14, 2020 All non-standard TLD's are blocked by default by Malwarebytes Browser Guard, so basically any TLD other than the most common ones such as .com and .net etc. It is aggressive, but also most effective since a large portion of malicious sites use non-standard TLD's due to their lower cost/easier access. Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now