Author Topic: Site Blocked - Exclusion Added in Console Not Visible at Client  (Read 801 times)

0 Members and 1 Guest are viewing this topic.

Offline Randy16randy

  • Newbie
  • *
  • Posts: 2
I have On-Prem Console v7.29.990, with AntiVirus Pro on Windows desktops.   
We are having an issue with a blocked site reporting ULR:TechScam infection but VirusTotal says that site is good.
I added an exclusion to the WebShield policy but doesn't seem to be propagating to clients - shouldn't I be able to see the exclusions added via the Console, on the settings page of the client?

I tried to create a ticket in Business Support, but the form doesn't do anything when I click submit.  Eventually the Captcha reports that it is timed out.  Below notes are from the ticket I was trying to create.  [EDIT - tried the ticket again in Edge and that worked]

Users are being blocked from accessing melcor.ca with a message "Threat Secured ... infected with URL:TechScam".   It appears to be a false positive as VirusTotal lists clean.   I have added to the Web Shield Policy Exclusions and Edge browser able to access intermittently (sometimes says connection reset), but Chrome always pops up the Avast warning.   
Related query:  Shouldn't I see the exclusions added via the console on the desktop Avast interface?
« Last Edit: July 12, 2022, 06:57:57 PM by Randy16randy »

Offline Stephen D

  • Avast team
  • Newbie
  • *
  • Posts: 5
Re: Site Blocked - Exclusion Added in Console Not Visible at Client
« Reply #1 on: July 13, 2022, 07:26:17 PM »
I went ahead and took the case that we have from you. In general, we will need the full detection details as well as a copy of the file or URL getting detected so we can send it to the virus lab. You can skip this information gathering phase and report false positives directly at https://www.avast.com/false-positive-file-form.php. I recommend doing this even if exclusions do work just to be safe as well as correct detections that are false.

The other issue with the exclusions will need to be investigated in the case that you opened. They should be visible in the endpoint.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33525
  • malware fighter
Re: Site Blocked - Exclusion Added in Console Not Visible at Client
« Reply #2 on: July 14, 2022, 12:52:55 AM »
This site is pinging -hellobar.com which is being blocked by scriptblockers.
Hello Bar is a lead generation tool built by online marketers for online marketers.
Re: https://www.virustotal.com/gui/url/79c5801ea5757f18107848947f4b57d7633f01629efe6b196718c736480d07e9/details

So wait for a final verdict from avast team.

canonical tag refers to -https://melcor.tempurl.host/wp/) Google safe browsing gives it as
-melcor.tempurl.hostDIGITALOCEAN-ASN the all green.

One issue with this Word Press CMS website:
outdated wp plug-in detected:    wordpress-seo 19.1   Warning   latest release (19.3)
https://yoa.st/1uj

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: July 14, 2022, 01:00:16 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!