jkstark Posted July 8, 2020 ID:1392904 Share Posted July 8, 2020 Yet another apparent FP - tecknetonline.com Virustotal: https://www.virustotal.com/gui/url/0cbe5aa2d1e244568479e2e175397db66f984e6aee4cb17927af3de1e26253d3/detection Seems to me that "Riskware" should not block an entire domain even if there is some there - it should block the actual program that is shown to be problematic... This seems like a bit of an overreach... Kris Seem Link to post Share on other sites More sharing options...
Staff Zynthesist Posted July 8, 2020 Staff ID:1392954 Share Posted July 8, 2020 Hello, Please see this file information: https://www.virustotal.com/gui/file/5f9a858a334f82118699b50897d879999288dc2e5f0cb38eb49cd05c7f6c0ebf/relations Link to post Share on other sites More sharing options...
jkstark Posted July 8, 2020 Author ID:1392987 Share Posted July 8, 2020 A single file on the domain? Or is that even on that domain? I see where it is referring to a keygen, but I have no idea where that is found - VT does not show the origin site. Even then, I have to question the idea of blocking an entire domain unless the site is a source of a drive-by download, or is comprised mainly of malicious content. For a single file to be the cause of a block seems a tad bit excessive if it requires knowledge of where the file is specifically... This seems like the kind of a situation where informing the domain owner would be ideal to resolving, since it is a hardware manufacturer's site, and the particular domain is a redirect primarily - thus indicating a domain that probably does not always have a whole lot of attention paid to it since there should be nothing directly accessible there - or so it seems from a first glance... Link to post Share on other sites More sharing options...
Staff Solution Zynthesist Posted July 8, 2020 Staff Solution ID:1392997 Share Posted July 8, 2020 Here is the link: http://tecknetonline.com/download/xf-adobecc2014.exe Link to post Share on other sites More sharing options...
jkstark Posted July 8, 2020 Author ID:1393002 Share Posted July 8, 2020 OK - so the file is on their site... I still question the logic of blocking the entire domain for a single file... Note that I have no affiliation with the site other than trying to go there and get information on a product that I have... Kris Link to post Share on other sites More sharing options...
Staff Zynthesist Posted July 8, 2020 Staff ID:1393025 Share Posted July 8, 2020 (edited) Yes we do focus our research on web threats, like those distributed via a domain. Edited July 8, 2020 by Zynthesist add info Link to post Share on other sites More sharing options...
Recommended Posts