
FP on 52.169.199.180


tomhartland


Hi,

I believe hxxps://jobs.staffs.ac.uk/ is getting a false-positive for trojans... unless, of course, there is a trojan on the system we're not aware of, and there is somewhere I can see exactly why it's being blocked?

To be clear, I am not the website owner (that is Staffordshire University), but I am part of the third-party software supplier who runs the website which is hosted on Staffordshire University servers.

Is it possible to have the block removed?

Here is the excerpt from the log file (which I hope is sufficient)...

08/10/20    " 14:40:12.773"    973234328    144c    2248    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1054    "Connection blocked! ProcessId=16760 ProcessPath=C:\Program Files\Mozilla Firefox\firefox.exe Domain=jobs.staffs.ac.uk Address=52.169.199.180 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
08/10/20    " 14:40:12.773"    973234328    144c    2248    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback    "mwaccontrollerimplhelper.cpp"    1919    "Block notification callback 'jobs.staffs.ac.uk' '52.169.199.180' 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20    " 14:40:12.773"    973234328    144c    2248    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback    "mwaccontrollerimplhelper.cpp"    1920    "AppDetectionNotification=F, BlockNotification=T"
08/10/20    " 14:40:12.779"    973234328    144c    2248    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1551    "Malicious Website Protection, domainblocklist, 52.169.199.180, jobs.staffs.ac.uk, 443, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe"
08/10/20    " 14:40:12.779"    973234328    144c    222c    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl    "mwaccontrollerimplhelper.cpp"    2022    "Block notification callback impl 'jobs.staffs.ac.uk' '52.169.199.180' 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20    " 14:40:12.780"    973234328    144c    222c    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails    "mwaccontrollerimplhelper.cpp"    2006    "White list disposition (0) for 'C:\Program Files\Mozilla Firefox\firefox.exe'"
08/10/20    " 14:40:12.785"    973234343    144c    2228    INFO    MWACControllerCOM    CMWACController::TelemetryDataCallbackV3    "mwaccontroller.cpp"    1990    "Successfully sent the block event data to telemetry server."

And although I guess you don't need it with the above, here is a screen shot...


Many thanks,

Tom (Stonefish Software Ltd)
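An added example (not part of the original post, and not Malwarebytes code): a small Python parser that pulls the fields a false-positive report needs out of the "Connection blocked!" record in the log excerpt above. The function names are hypothetical, and the field layout is assumed from that single line of the excerpt.

```python
import re

# Log line copied from the excerpt in the post above.
SAMPLE = r'''08/10/20    " 14:40:12.773"    973234328    144c    2248    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1054    "Connection blocked! ProcessId=16760 ProcessPath=C:\Program Files\Mozilla Firefox\firefox.exe Domain=jobs.staffs.ac.uk Address=52.169.199.180 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"'''

# A value runs until the next " Key=" token or the closing quote, so
# ProcessPath keeps the spaces in "C:\Program Files\...".
_PAIR = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|"?\s*$)')

# Fields worth quoting in a false-positive report.
REPORT_KEYS = ("Domain", "Address", "Port", "Category", "ListName")


def parse_block_event(line):
    """Return the key=value fields of a 'Connection blocked!' record, or None."""
    marker = "Connection blocked!"
    pos = line.find(marker)
    if pos == -1:
        return None  # some other log record (callback, telemetry, ...)
    return dict(_PAIR.findall(line[pos + len(marker):]))


def summarize(lines):
    """Collapse block records to unique REPORT_KEYS tuples, in first-seen order."""
    seen = []
    for line in lines:
        event = parse_block_event(line)
        if event is None:
            continue
        row = tuple(event.get(key, "") for key in REPORT_KEYS)
        if row not in seen:
            seen.append(row)
    return seen


if __name__ == "__main__":
    for row in summarize([SAMPLE]):
        print(dict(zip(REPORT_KEYS, row)))
```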


  • Staff

Hello, thanks for bringing this to our attention. We've reviewed the site again and have determined it no longer warrants being blocked so we've removed it from our database. 

Removal should be reflected in the next database update going out in a few hours or so.


  • TeMerc locked this topic