I tried submitting two domains using the form, but it did not work. Everything seemed to be fine, but I never got a reply, and I did not get a confirmation email after submitting the domains (maybe this is normal - but most antivirus vendors send an automatic email that they received the filled form)
So I am trying via email…
Two ad-tracking domains on our adult website were flagged by you, and we believe that this is a false alarm, and kindly asking you to remove the malware flag.
Confirmation emails have been discontinued by Avast.
Something as an Avast user I disagree with.
Please break active links to suspect sites to avoid accidental exposure, only post the domain-name or change the https to httXp to break the link.
I didn’t get an alert on hXXps://trklaos.org by avast but is was blocked by the uBlock Origin add-on in firefox. However even with uBlock Origin add-on disabled I get a blank screen and no avast alert.
Thank you for your reply.
Did they just discontinued the confirmation emails or these cases are now not getting any ticket/case ID-s I an refer to?
I tried emailing AVAST about this, but there’s an automatic reply saying if I don’t use a case/ticket ID then they ignore the email…
Thank You for your suggestion about posting the suspicious links!
Luckily, these links are totally clean in Virustotal, this is why I did not bother with it - in my book these are false positives and I just need AVAST to clean the reputation of these domains.
You’re welcome.
The lack of email response in the standard reporting a possible false positive is fairly recent.
The link for reporting this has also recently changed (not sure if this was also when responses ceased):
New location to report both a False Positive and or a False Negative, for URL or File - https://www.avast.com/submit-a-sample#pc
You will have noticed (I hope), that Avast isn’t listed on the VT checks for URLs as Avast doesn’t have a function to do this on demand, this is carried out by the Web Shield which is a live scan (so avast has to be running on the user system).
There is some room for extended header security. While Cloudflare is a reputable company, the reliability of these results depends on various factors. Here are some points to consider:
Methodology: Cloudflare’s Radar scan uses automated tools to identify potential vulnerabilities and weaknesses in a website’s infrastructure. The methodology is based on industry-standard scanning techniques and best practices.
Scope: The scan typically includes checks for common vulnerabilities, such as outdated software, misconfigured servers, and potential backdoors. However, it may not cover every possible vulnerability or configuration issue.
Accuracy: While Cloudflare’s radar scan is designed to be accurate, it’s not perfect. False positives or false negatives can occur due to various reasons, such as:
Misconfigured scanners or outdated database information.
Overlapping or conflicting results with other security tools.
There is insufficient information about the website’s specific configuration or technology stack.
False positives: It’s not uncommon for security scans to generate false positives, which can lead to unnecessary remediation efforts. Carefully review the scan results and prioritise issues based on their severity and relevance to your website.
False negatives: Conversely, the scan might miss some vulnerabilities or issues that are not detected by the scanning technology. This is where human expertise and manual testing come into play.
Website configuration: The accuracy of the scan results depends on the website’s configuration and technology stack. For example, if a website uses custom or non-standard configurations, the scan might not be able to detect certain issues.
Human interpretation: The results require human interpretation and understanding of the findings. A thorough analysis of the report and prioritisation of issues are essential to ensuring effective remediation.
To increase the reliability of these results:
Review the scan report carefully and prioritise issues based on severity and relevance.
Verify the findings with other security tools and experts.
Conduct manual testing and verification of critical issues.
Consider engaging with Cloudflare support or other security experts for further guidance.
Keep your website software up-to-date and ensure regular security patches are applied.
In conclusion, while Cloudflare’s radar scan provides valuable insights into a website’s security posture, it’s essential to consider the limitations and potential inaccuracies of the results. A combination of automated scanning, human expertise, and manual testing is necessary to ensure a comprehensive understanding of your website’s security posture. INfo deep.ai oversight