CoreimsLtd Posted September 20, 2020 ID:1408663 Share Posted September 20, 2020 We are seeing website blocking false positives on all out subdomains. Our server antimalware reports no issues (including when scanned with Malwarebytes). Please remove the block. Link to post Share on other sites More sharing options...
Solution thisisu Posted September 20, 2020 Solution ID:1408673 Share Posted September 20, 2020 Hi, The block will be removed in the next update. Sorry for the inconvenience Regards Link to post Share on other sites More sharing options...
CoreimsLtd Posted September 20, 2020 Author ID:1408679 Share Posted September 20, 2020 Thank you, can you provide any insight into why this was blocked or which subdomain triggered the block? I would like to pass this back to our SOC so they can address whatever was triggering the false positive. Link to post Share on other sites More sharing options...
thisisu Posted September 20, 2020 ID:1408682 Share Posted September 20, 2020 I'm asking about it. I suspect it was this file that triggered the block but I'll let you know if it was something else: https://www.virustotal.com/gui/url/137d336094039a0d103b62d3cd1bd0ade76d20798cc242d0afc7169981b4232b/detection Link to post Share on other sites More sharing options...
CoreimsLtd Posted September 20, 2020 Author ID:1408684 Share Posted September 20, 2020 That's helpful thank you Link to post Share on other sites More sharing options...
Staff Dashke Posted September 21, 2020 Staff ID:1408719 Share Posted September 21, 2020 (edited) 12 hours ago, CoreimsLtd said: That's helpful thank you Hi, the block was put because of this file - coreims.co.uk/xxx but it seems unavailable now. Thanks! Edited September 21, 2020 by Dashke removed the link Link to post Share on other sites More sharing options...
CoreimsLtd Posted September 21, 2020 Author ID:1408722 Share Posted September 21, 2020 Thank you very much for the confirmation. Apparently that was a false positive on a winrar self extractor (file was clean according to on-demand scans using Malwarebytes, Sophos, Trend etc). We have replaced with a 7zip self extractor with the same name and similar functionality to try to avoid future false positives. This is not a URL we publish so if you could edit your post to remove the path that would be very helpfuly. Link to post Share on other sites More sharing options...
Staff Dashke Posted September 21, 2020 Staff ID:1408726 Share Posted September 21, 2020 Thanks for the explanation, the link has been removed. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now