How to tell which browser tab was blocked from installing malware?

I use firefox and I like to open several browser tabs in the background as I search the web. Occasionally, avast will pop up a message indicating that it blocked malware from getting to my system. I can see the path/url of the malware but what I want to know is which site was the malware on. It would be nice if avast can show the “parent” window/tab. Is this possible?

Generally it will be the one that you have just opened, as the web shield scans the page content and anything loaded by it very quickly. In most cases it would block the loading of the page if whatever it is is embedded in the page source code, so firefox being what it does highlight tabs where there is a problem loading. Or in the case of external sources you would still have the main page loaded, now with add-ons like NoScript and or RequestPolicy, you can see what the external links/scripts are in that page.

The act of having either of these add-ons is likely to block an external link/script from being run, so you shouldn’t actually get an alert unless you are in the page and have allowed scripts/access for an external link.

I don’t believe there is any easy way to link the alert back to the parent tab as there would have to be some form of logging to record the url of the initiating page and any alert. Given the number of elements being scanned (just look at the web shield stats), I believe it could be an unreasonable overhead, which may slow browsing.

Thanks for the information. I will have to look out for the highlighted tab… never noticed that before.

Also, it’s funny that you mentioned noscript which I have installed. I have not tweaked noscript’s default settings but was still surprised that avast alerted me to the malware in the first place. Other than me actually clicking on the malware to download, which I didn’t, aren’t most of it script based? Wonder why noscript didn’t stop it.

You’re welcome.

If the script is a part of the page (javascript or embedded html script tag) avast will scan it and that doesn’t matter if it is active or not (e.g. noscript blocking it). It will be reporting the malicious/exploit content, this makes the user aware of it, so anyone in their right mind wouldn’t subsequently allow scripts for that page.