Good day. I had one detection from Avast earlier which said that it blocked something that read: “We’ve safely aborted connection on 151.139.180.24 because it was infected with URL:Blacklist”
I’m currently running Windows 11, with Avast free version 24.1 with everything fully up to date.
From a quick Googling, it seems like this is a false positive, but I’d rather err on the side of caution and ask.
Boot time scan and full system scan both come up clean, no history of past infections on this machine; this is the only time Avast has detected anything so far. Worth noting that there were no repeat detections and blocks from web shield other than the initial one.
URL Blacklists are usually done for a reason; it indicates that the URL (Uniform Resource Locator) link is known to be not trustworthy… either from Avast or from partners/industry that share “known bad” URLs.
You would probably need to use something like Process Explorer from Sysinternals to investigate what specific service is using that instance of svchost.exe and see where it’s located… not that that would be easy to connect to the URL warning given.
Anyway, if it’s not a behavioral block I’d be very wary. Also, did you happen to be doing any other misc. web browsing at the time of the alert?
The only thing running at the time was Discord open in Chrome, which it had been for an hour or so. I wasn’t browsing anything at all, and I was away from the computer when the Avast alert happened.
I’m leaving stuff out here, but to try to explain it on a basic level:
There are a bunch of ways that Antivirus programs try to keep you safe. Over time it’s not enough to just rely on old methods.
A URL blacklist block - Generally this means that Avast has recognized this as a ‘bad actor’ – either from their own data points or often many reputable companies/organizations/etc. will publish lists of ‘known bad actors’, and then the security community will update their ‘lists’ so that they can preemptively block connections to those. Basically: Hey, I know that place is probably a bad place to go to.
Fingerprinting - This is where they have “fingerprints” they have gotten from known malicious software/code/scripts/files/etc. and match what’s on your machine against a database of these ‘known fingerprints’ to ID bad things on your computer.
Behavioral - This is a ‘next step’ where they try to look for things that just don’t seem right. Even if it doesn’t actually match a fingerprint or some remote resource that’s blacklisted, they have ways to determine if something seems – as Velma from Scooby Doo would say – “hinky”. These processes/files/etc. can then be stopped/quarantined/etc. and/or any related connections stopped.
If you’re curious, I’m sure you can find a bunch of material out there that’s more in-depth and specific.
Hi, thank you for notifying us. We reviewed your report and disabled URL detection as False Positive. If the issue persists, please send us the detection dialog screenshot.