I have two employees that reported a warning on both AVG and Avast which I’m pretty sure is a false positive. Below are the two versions in question:

AVG Technologies Software Version: 23.5.3286 (build 23.5.8195.786) on Windows 10, Version 22H2
Avast Security 15.6.0. Free version on macOS 12.0.1

Both reported this error: “HTML:Iframe-inf [Susp]”
Is there any way to get more information on why it thinks there is something malicious? The intranet site that triggered the warning it’s a ticketing system. There is an iframe for the message editor, and one for file uploads. But they have been running those programs for a year or more and the software for the ticketing system hasn’t changed in about the same time. I’m thinking maybe a bad update went out recently?

Though you don’t mention the site (any link shouldn’t be active only the domain name) or post a screenshot or the Alert Window with the Details option selected. See screenshot below.

You can use the Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Thanks for the screenshot, I’ve uploaded the messages they encountered. The domain in question is support.coursevector.com.

I also went ahead and submitted a request at the URL you provided. Thanks!

Had to add the last attachment separately due to file size

Nothing found here - https://www.virustotal.com/gui/url/185040910251e118c895724e3bbea8c7fd0c3b3d5b573df8ca80ec922ea23eb8?nocache=1
Some issues reported here - https://en.internet.nl/site/support.coursevector.com/2147665/
Minimal Security Risk reported here - https://quttera.com/detailed_report/support.coursevector.com

Now I tried to access that link support.coursevector.com and got a notice that “Public side is disabled.”
I don’t know if that would also impact some of the tests I ran listed above.

You can use the possible false positive link I gave before - however I don’t know if that too would be impacted by the “Public side is disabled” issue mentioned.

You mean Avast cant check (then exclude if needed) an intranet site than is not intended for public access?

As an Avast User, I don’t know.

However given your being able to access that site via a browser, the Web Shield would also be able to access it.

Right, while it is publicly online, it’s private and must login to view anything which is why i didn’t put the URL up before. I did use the false positive link you sent earlier and it looks like they’ve taken care of it already.

“We have now cleared its reputation in our database based on the findings and removed the detection.”

Thanks for your direction!

Thanks for the confirmation.

You’re welcome.