ANSWERED White listing a domain

[Chandramathi]

We, Zoho WorkDrive are a Cloud based Content Collaboration Software provided by Zoho Corporation; check this link - https://www.zoho.com/workdrive/ for more details. Our product has a https://help.zoho.com/portal/kb/articles/external-file-sharing-in-team-folder#To_share_a_file_externally_from_a_Team_Folder which allows files/folders uploaded to WorkDrive and can be shared to everyone on the internet by generating an external link for the file. These hyperlinks are shortened links such as this one https://tdrive.li/J8HFH_WorkDriveDemo. 

Recently some of our customer complained that the following domain https://tdrive.li has been blocked by malwarebytes. Is it possible to whitelist the mentioned domain? And also can you let us know why the above domain has been blacklisted/blocked by malwarebytes?

[Dashke]

We are not blocking this domain with MB.

Can you please attach a screenshot?

 

[Chandramathi]

Hi @Dashke,

This was reported by some of our customers. Will try to gather necessary information from them and get back to you.

[leo3487]

Blocked by Browser Guard due reputation

[leo3487]

@gonzo check it

[redwolfe_98]

in my opinion, "tdrive.li" should not be unblocked. it is a "SHORTENED URL" used for downloading files from "zoho-drive" where anyone can upload any file, including malware, and then use the "tdrive.li" URL for distributing the malware across the internet. it is potentially a huge security-risk.

i am concerned that malwarebytes might simply unblock everything simply because someone requested it without considering that it might not be a good idea to unblock it, making MBG useless.

[redwolfe_98]

as can be seen in the screenshot, it is easy to continue to the website (or whatever the link is pointing to) without whitelisting the URL. MBG just shows a warning that downloading files from the website is a (huge) security-risk.

[redwolfe_98]

individuals who want to risk downloading and executing files from zoho-drive can whitelist the URL's on their own individual computers. note the option for "do not block this site again for (downloading) malware"

[leo3487]

55 minutes ago, redwolfe_98 said:

individuals who want to risk downloading and executing files from zoho-drive can whitelist the URL's on their own individual computers. note the option for "do not block this site again for (downloading) malware"

Your pointy is not valid, as with same think Malwarebytes  should block Onedrive, Dropbox, Mega,  MediaFire, etc file-sharing services

[Chandramathi]

Hi @redwolfe_98,
Thank you for sharing your comments. I'd like to inform you that the shortened_url domain itself is not a malicious site and here are the steps we perform to ensure that malware content does not get hosted from Zoho WorkDrive : 
1. We do have an Anti Virus scan in place which validates the files during upload. So most malwares can not be uploaded to the cloud at all.
2. We also do have a spam and fraudulence detection algorithm in place which identifies if the uploaded files are phishing documents.

So most spamming documents do get filtered out as spam and never get published. Despite our best efforts to identify spam and spammers a few spam files did get published which were duly pulled down. So we do think presence of one or two links should not cause the entire domain "tdrive.li" to be considered a threat. Rather the individual link that had the spam file can be considered a threat.

[Chandramathi]

Hi @Dashke
Is it possible to remove the warning sign that appears for the"tdrive.li" domain?

[gonzo]

It has been whitelisted.

[Chandramathi]

Hi @gonzo,
Thank you for delisting and can you let us know why the domain was blacklisted? 

[exile360]

All non-standard TLD's are blocked by default by Malwarebytes Browser Guard, so basically any TLD other than the most common ones such as .com and .net etc.  It is aggressive, but also most effective since a large portion of malicious sites use non-standard TLD's due to their lower cost/easier access.