
Security Check tool blocked


Zeus_Dog
Go to solution Solved by gonzo,


I wanted to point out that I tried to download this tool, https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe, to check it out, and a second or two after it finishes downloading, Browser Guard pops up and flags it, then deletes the file from my downloads folder. Not sure if anyone else is having the problem. So I had to disable it to get it, then ran checks with MBAM, Kaspersky, Emsisoft, and Bitdefender, and they say it is clean, but on VirusTotal, Malwarebytes and two others are flagging it. I attached the screenshot. Just thought you might want to know.

BrowserGuard.png

VirusTotal.png

Link to post
  • Staff

I have not been able to duplicate this in Chrome or Firefox on Windows 10.  Knowing that suspicious downloads are sometimes the result of a block on a referring domain, could you please tell us the steps you took to end up with this problem?  We need to be able to reproduce it before we can know exactly how to fix it.

Link to post

Hey Gonzo,

I find it very inconsistent myself, but I would just either click on the link that Advanced setup had given or copy and paste it into a new tab, and it would present a little Windows window "Opening SecurityCheck.exe" and ask to save or cancel. I would save, it would download, and then sometimes after the download was complete, it would pop up the Browser Guard window and delete the file from the downloads folder. Now I run Kaspersky Total Security as my main AV, not sure if there is something there causing Browser Guard to randomly trigger on it??

Link to post
  • Staff

safezone.cc is in my whitelist.  That should also take care of subdomains.  Theoretically, that should also take care of suspicious downloads.  Theoretically, we should not have pandemics either.  I just tried to trigger it five times with Firefox.  It successfully downloaded each time.  Not being able to reproduce the problem, the best I can offer is to ask you to send me a debug log should it happen to you again. At least then, I will have something to look at that may yield a clue.

Link to post
  • Staff

Debug log is created in your \Downloads directory.  Look for a file with a "jsonl" extension.  WARNING: This puppy grows faster than the national debt.  A new log is started every time a new browser session starts (browser, not browser tab), but multiple tabs and long sessions create huge logs.

Ron beat me to the punch on the other part.

Link to post

I'm assuming you mean open up Browser Guard when this warning pops up and click the three dots in the upper right, click on support, and click download debug logs? If so, do I have to do it when that warning is up? I did download the log a few minutes ago. I had received the error twice tonight; the browser has not been closed since this happened, but the tab it was in has. Not sure if that will have it in it?

Link to post
  • Staff

Your assumption is correct.  If you have not exited your browser, evidence may still be in the logs.  It also has a maximum size so the oldest data gets discarded to make way for new data.  With only a few minutes run time, you should be okay.  Download it, zip it up and send it over. The ZIP file will be fairly small (comparably).

Link to post
  • Staff

Could you see if you can determine the identity of this Firefox extension:

6d0326e4-7a4a-475a-a805-1830dd84caaf

It is causing a scam detection (only once) associated with a download of the file in question.  It is in the logfile at line 901.  Are you using a download manager?

I'm at about 10.5 hours in for the day, and I can hear a pizza off in the distance calling my name.  With what I have found and what further you may be able to tell me, I will talk to the developer in the morning.

Link to post
  • Staff
  • Solution

It appears there is an interaction between uMatrix and Browser Guard that is causing the issue.  It appears in line 901 of the log file, but only appears once in the file overall.  Because there is not an external URL that can be added to an Allow list, I would look to see if something could be done from the uMatrix side to allow Browser Guard operation.  From reading about uMatrix, it appears that it is doing the same thing as Browser Guard, but being able to go after scripts which Browser Guard may use during operation may also cause uMatrix to target Browser Guard.  I don't think either product or the file you are trying to download are problems on their own, but the interactions between them can be.

Link to post

Just so you know, at this time it appears that uMatrix is not being developed anymore, so it won't get fixed on that side. But at least we know the issue, and if someone has to temporarily disable one to get it, it is what it is. It is simple enough, and as long as the file seems safe (thoughts of the SolarWinds supply chain attack are what prompted me to wonder with the VirusTotal hits), then it is all we can do. Glad I could help.

Link to post

I do too, but uMatrix has some nice abilities as well with script, XHR, frame and other blockings that NoScript and uBlock don't cover. There is overlap, but also things each one can do that the other ones can't. I have found these to be a great one, two, three punch.

Link to post
