Author Topic: Blocked treat. Where is the logfile? (Read 1815 times)

Ferrari328 · « **on:** July 23, 2019, 03:19:36 PM »

I searched the forums for this and get 0 hits. Anyone? I know where the logfiles are kept.

Pondus · « **Reply #1 on:** July 23, 2019, 03:33:34 PM »

Quote

Topic: Blocked treat. Where is the logfile?

Quote

Anyone? I know where the logfiles are kept.

just to clarify: Do you know? or Do you not know? or do you mean it blocked a threat and the result is not in the log file?

Ferrari328 · « **Reply #2 on:** July 23, 2019, 03:44:02 PM »

I know where the log files are kept. I'm asking what log file has information about this event.

igor · « **Reply #3 on:** July 23, 2019, 05:30:00 PM »

I'm afraid you'd have to be more specific about the particular threat (its type, the shield, ...)

DavidR · « **Reply #4 on:** July 23, 2019, 06:48:44 PM »

As has been mentioned we need more information.

If you are getting a threat detection (Avast alert window), a screenshot could help us determine which shield it is and the location of its log file.

Ferrari328 · « **Reply #5 on:** July 23, 2019, 08:15:05 PM »

Thanks. Here's the screenshot.

Pondus · « **Reply #6 on:** July 23, 2019, 08:27:07 PM »

The bottom of your screenshot, it say "Detected by: Web shield"

DavidR · « **Reply #7 on:** July 23, 2019, 08:45:30 PM »

Look here, C:\ProgramData\AVAST Software\Avast\report\WebShield.txt the file can be viewed in notepad and the entries are in reverse chronological order, e.g. the latest entries are at the bottom of the file.

Given the screenshot, what would be reported in the above file would be very much the same. Is there an alternate reason you would need to view the report file ?

Ferrari328 · « **Reply #8 on:** July 23, 2019, 08:55:59 PM »

Thanks that was helpful, sort of. I was hoping for more detailed information as to what caused the threat. As you said, there was no more info in that file. It just says Inoreader but I was hoping to see what RSS feed caused this.

DavidR · « **Reply #9 on:** July 23, 2019, 10:31:12 PM »

Unfortunately it doesn't go into much more detail than the alert itself.

According to this it is something in the PHP functioning on the site - frequently this can be the site having old PHP software which could be vulnerable to exploit. That would require action my the site owner of their host to update the PHP software.

https://www.guru99.com/what-is-php-first-php-program.html

Ferrari328 · « **Reply #10 on:** July 23, 2019, 10:38:30 PM »

davidr, thanks for the help. Ironically the RSS feed was from SANS Internet Storm. I contacted them but haven't heard back.

DavidR · « **Reply #11 on:** July 23, 2019, 11:35:31 PM »

You're welcome.

I'm not familiar with the SANS Internet Storm Center, so why there might be a link to inoreader.com is something I don't know.

Though a quick search for SANS Internet Storm Center found this https://www.incidents.org/ and I don't know if the two are related. If so I just wonder if it isn't something being investigated (3rd party link) that triggered it I just don't know (as an avast user).

Author Topic: Blocked treat. Where is the logfile? (Read 1815 times)

Ferrari328

Blocked treat. Where is the logfile?

Pondus

Re: Blocked treat. Where is the logfile?

Ferrari328

Re: Blocked treat. Where is the logfile?

igor

Re: Blocked treat. Where is the logfile?

DavidR

Re: Blocked treat. Where is the logfile?

Ferrari328

Re: Blocked treat. Where is the logfile?

Pondus

Re: Blocked treat. Where is the logfile?

DavidR

Re: Blocked treat. Where is the logfile?

Ferrari328

Re: Blocked treat. Where is the logfile?

DavidR

Re: Blocked treat. Where is the logfile?

Ferrari328

Re: Blocked treat. Where is the logfile?

DavidR

Re: Blocked treat. Where is the logfile?