Author Topic: How do I suppress specific "threat secured" popups?  (Read 2425 times)

0 Members and 1 Guest are viewing this topic.

Offline Rundvleeskroket

  • Sr. Member
  • ****
  • Posts: 308
How do I suppress specific "threat secured" popups?
« on: August 09, 2019, 08:05:11 PM »
Hi. How do I suppress specific "threat secured" popups?

The last couple of days I get "threat secured" popups with the reason of "URL:blacklist". How do I suppress these popups if they are generated from a specific domain?

I don't want to get into a discussion about whether this is smart of safe. I'm pretty damn sure it is a false alarm. Or that perhaps something on the domain had at one point something nasty, but the subdomain / specific url I connect to does not and the block is overly broad. Even if it did, I don't even really mind the block itself, but the popups about it. I want them gone, without disabling the popup for other domains or possible legit threats.

FYI: I'm not connecting to this domain with a browser but with another application.

How do I go about doing this? Can I whitelist? Ignore?
« Last Edit: August 09, 2019, 08:09:44 PM by Rundvleeskroket »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85095
  • No support PMs thanks
Re: How do I suppress specific "threat secured" popups?
« Reply #1 on: August 09, 2019, 08:56:08 PM »
The short answer is that it would be dangerous to suppress such alerts, they are usually an indication that a URL has been previously infected or has been exploited.

The fact that 'you' aren't doing the connection doesn't really change the risk and may possibly even increase it.

Your best option is to have avast analyse it again using the Report Avast False Positive File or Website - please use the https://www.avast.com/false-positive-file-form.php.

However, if you accept the risk, then there is nothing to stop you adding the URL in the alert to the Web Shield exclusions of general exclusions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rundvleeskroket

  • Sr. Member
  • ****
  • Posts: 308
Re: How do I suppress specific "threat secured" popups?
« Reply #2 on: August 09, 2019, 09:03:06 PM »
If I add it as an exclusion this would also prevent the block, right? If that is my only option I'll consider it. But that is not the same thing as having it continue the blocks, and just not alert me about it with an annoying popup when it's from this particular domain. That would be a better solution imo.

The problem is that the popups go over pretty much everything. So if I'm watching a video or something it'll be in my face and stay there until I dismiss it. I can't even get it to the background.

I'm hesitant to report a false positive because maybe something else on another subdomain is doing something untoward. So blocking that specific url would be warranted. Just not the whole domain.
« Last Edit: August 09, 2019, 09:08:30 PM by Rundvleeskroket »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85095
  • No support PMs thanks
Re: How do I suppress specific "threat secured" popups?
« Reply #3 on: August 10, 2019, 12:17:05 AM »
That is the purpose of the exclusions.

If you are hesitant in reporting it as a possible FP because it may be something untoward or sub-domain then I would question the use of exclusions unless you are 100% sure.

I didn't say block the whole domain, but the URL and my meaning is the FULL url shown in the alert/s (however a blacklisted 'domain' alert could imply the whole site/url is blocked).  But as you haven't posted any screenshot of the alert window, I have no detail to work with.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rundvleeskroket

  • Sr. Member
  • ****
  • Posts: 308
Re: How do I suppress specific "threat secured" popups?
« Reply #4 on: August 10, 2019, 02:16:45 AM »
The alert suggests that the whole tld is blocked. Which is an overly broad way to address a supposed issue on some small part of it. Especially when not accessed via a browser.

Again: I don't necessarily need or want to exclude the domain. I'm at present fine with the blocks even if I'm confident the part I'm connecting to is perfectly safe. I do however want to suppress the popups for that domain, because they are very annoying.

Being "infected" with URL:Blacklist is a meaningless sentence to begin with.
« Last Edit: August 10, 2019, 02:26:52 AM by Rundvleeskroket »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85095
  • No support PMs thanks
Re: How do I suppress specific "threat secured" popups?
« Reply #5 on: August 10, 2019, 10:12:06 AM »
I have given you answers based on your questions, but you just keep popping up with another.

You have to decide what to do, if you believe it to be perfectly safe then submit as an FP as suggested or exclude it. 

At no point have you mentioned this other application that is responsible for for this connection or what you intend to do about that.

All malware names/alerts have a very short name, they aren't descriptive, it is just a name.  Just pop along to VirusTotal and you will see a very similar style of malware names/alerts from all AVs.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.4.2464 (build 21.4.6266.561) UI 1.0.639/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rundvleeskroket

  • Sr. Member
  • ****
  • Posts: 308
Re: How do I suppress specific "threat secured" popups?
« Reply #6 on: August 10, 2019, 10:59:45 AM »
My question is the exact same as before. What new question have I asked? Now I'm quite curious! You certainly seem to think I have.

What application I use is not relevant. I mention that it isn't a browser to make it clear this isn't a popup from surfing to a website.

What isn't descriptive is the popup Avast shows. Infected with URL: Blacklist doesn't mean a thing, and the message that "a connection on domain.suffix was aborted" suggests the whole domain is blocked, and doesn't tell me if it in fact is otherwise or more granular.

At the very least the popup warning should be rewritten to make more sense. An entry on a blacklist isn't an infection, so that wording is simply wrong.  The details of the warning also do not provide additional information about why this domain is blocked and if the block pertains to the whole domain or just certain particular URLs on that domain. There is no link to an explanation. That would've been helpful. But alas.

Submitting a FP doesn't make sense if I can't tell from the popup exactly what was blocked. The domain or a specific url at that domain. The wording suggests the broad approach by Avast, and it doesn't elaborate.

All that said; it still doesn't provide me with a means to suppress the popup for this domain. At least not without the exclusion method thought so ill-advised. So if I'm to try and keep 'safe', I'd rather not exclude the domain. Regardless of whether the exclusion would actually expose me to more risk. If I don't have to, I'll take the extra layer of "protection". I don't need access to this domain at this moment. What I do need, is to suppress the popups if and when an application tries to connect to that specific domain. And I'll let Avast happily block that attempted access. It just shouldn't bug me about it every damn time it happens. However, just for this domain. Not all domains. So for instance silent mode is not an option.
« Last Edit: August 10, 2019, 11:04:32 AM by Rundvleeskroket »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029
Re: How do I suppress specific "threat secured" popups?
« Reply #7 on: August 10, 2019, 11:10:28 AM »
Quote
.  Submitting a FP doesn't make sense if I can't tell from the popup exactly what was blocked. The domain or a specific url at that domain. The wording suggests the broad approach by Avast, and it doesn't elaborate.
 
If you submit a FP they Will check URL and Reply with that info , telling you if it was wrong or correct and why



« Last Edit: August 10, 2019, 11:12:07 AM by Pondus »