Hi. How do I suppress specific “threat secured” popups?
The last couple of days I get “threat secured” popups with the reason of “URL:blacklist”. How do I suppress these popups if they are generated from a specific domain?
I don’t want to get into a discussion about whether this is smart of safe. I’m pretty damn sure it is a false alarm. Or that perhaps something on the domain had at one point something nasty, but the subdomain / specific url I connect to does not and the block is overly broad. Even if it did, I don’t even really mind the block itself, but the popups about it. I want them gone, without disabling the popup for other domains or possible legit threats.
FYI: I’m not connecting to this domain with a browser but with another application.
How do I go about doing this? Can I whitelist? Ignore?
The short answer is that it would be dangerous to suppress such alerts, they are usually an indication that a URL has been previously infected or has been exploited.
The fact that ‘you’ aren’t doing the connection doesn’t really change the risk and may possibly even increase it.
If I add it as an exclusion this would also prevent the block, right? If that is my only option I’ll consider it. But that is not the same thing as having it continue the blocks, and just not alert me about it with an annoying popup when it’s from this particular domain. That would be a better solution imo.
The problem is that the popups go over pretty much everything. So if I’m watching a video or something it’ll be in my face and stay there until I dismiss it. I can’t even get it to the background.
I’m hesitant to report a false positive because maybe something else on another subdomain is doing something untoward. So blocking that specific url would be warranted. Just not the whole domain.
If you are hesitant in reporting it as a possible FP because it may be something untoward or sub-domain then I would question the use of exclusions unless you are 100% sure.
I didn’t say block the whole domain, but the URL and my meaning is the FULL url shown in the alert/s (however a blacklisted ‘domain’ alert could imply the whole site/url is blocked). But as you haven’t posted any screenshot of the alert window, I have no detail to work with.
The alert suggests that the whole tld is blocked. Which is an overly broad way to address a supposed issue on some small part of it. Especially when not accessed via a browser.
Again: I don’t necessarily need or want to exclude the domain. I’m at present fine with the blocks even if I’m confident the part I’m connecting to is perfectly safe. I do however want to suppress the popups for that domain, because they are very annoying.
Being “infected” with URL:Blacklist is a meaningless sentence to begin with.
I have given you answers based on your questions, but you just keep popping up with another.
You have to decide what to do, if you believe it to be perfectly safe then submit as an FP as suggested or exclude it.
At no point have you mentioned this other application that is responsible for for this connection or what you intend to do about that.
All malware names/alerts have a very short name, they aren’t descriptive, it is just a name. Just pop along to VirusTotal and you will see a very similar style of malware names/alerts from all AVs.
My question is the exact same as before. What new question have I asked? Now I’m quite curious! You certainly seem to think I have.
What application I use is not relevant. I mention that it isn’t a browser to make it clear this isn’t a popup from surfing to a website.
What isn’t descriptive is the popup Avast shows. Infected with URL: Blacklist doesn’t mean a thing, and the message that “a connection on domain.suffix was aborted” suggests the whole domain is blocked, and doesn’t tell me if it in fact is otherwise or more granular.
At the very least the popup warning should be rewritten to make more sense. An entry on a blacklist isn’t an infection, so that wording is simply wrong. The details of the warning also do not provide additional information about why this domain is blocked and if the block pertains to the whole domain or just certain particular URLs on that domain. There is no link to an explanation. That would’ve been helpful. But alas.
Submitting a FP doesn’t make sense if I can’t tell from the popup exactly what was blocked. The domain or a specific url at that domain. The wording suggests the broad approach by Avast, and it doesn’t elaborate.
All that said; it still doesn’t provide me with a means to suppress the popup for this domain. At least not without the exclusion method thought so ill-advised. So if I’m to try and keep ‘safe’, I’d rather not exclude the domain. Regardless of whether the exclusion would actually expose me to more risk. If I don’t have to, I’ll take the extra layer of “protection”. I don’t need access to this domain at this moment. What I do need, is to suppress the popups if and when an application tries to connect to that specific domain. And I’ll let Avast happily block that attempted access. It just shouldn’t bug me about it every damn time it happens. However, just for this domain. Not all domains. So for instance silent mode is not an option.
. Submitting a FP doesn't make sense if I can't tell from the popup exactly what was blocked. The domain or a specific url at that domain. The wording suggests the broad approach by Avast, and it doesn't elaborate.
If you submit a FP they Will check URL and Reply with that info , telling you if it was wrong or correct and why