Hi. It seems that URLs that Avast deems dangerous are blocked. But when I uncheck ‘Block malware URLs’ under Web Shield Settings, they remain blocked. Is this normal?
The Avast notification does change though. From: ‘Infection URL:Mal’, to ‘Infection URL:Mal2’. Note the ‘2’.
Disabling Script blocking also does not fix this. I have to entirely uncheck ‘Enable Web Scanning’ to access the URL. I’d rather not do that of course.
The URL I’m trying to visit is http://sceper.ws/page/2 and every subsequent number. The main site itself (sceper.ws) does load fine, without warnings. The content on the main page is on the numbered pages after a few hours, so I do want to be able to view those without disabling (large parts of) my AV. And there isn’t an option as far as I can tell that lets me add an exclusion to URL blocking for a specific domain. I can add a URL exclusion to Web Shield, but that excludes it from all the other scans in there as well. I don’t want to do that.
Is there currently actual malware on those numbered pages? It doesn’t seem so. I am however running adblock, mixed content blocking, and privacy badger. In Firefox. If not, perhaps those pages should be removed from the blacklist. And perhaps disabling the malware URL blocking option should actually disable said blocking.
Hopefully I can get some clarification, and maybe even an update to the blacklist. Thanks
I’m not getting that alert about a malicious JavaScript. One of my blockers may perhaps have already filtered it out.
All I get is the “Infection URL:Mal” warning. So, blocked because the URL has been serving something it shouldn’t in the past. Or still is?
I never ever download anything from there. I just use it as a TV-guide of sorts. See what’s new. Nothing else.
I don’t want to disable Web Scanning. But there doesn’t seem to be a way to add a specific domain exclusion for the URL-blocking feature only. So I have to choose between disabling Web Scanning entirely, or not seeing the pages at all.
As I understand it from the zScaler site, it is a known site with an elevated phishing risk. Fine. I understand the risks. It doesn’t mean the site is dangerous when just viewed without clicking on things, right?
I’d still like to know how come when I uncheck the malware URL block option, it remains blocked, and with another ‘Infection URL:Mal2’ alert. Didn’t I just explicitly disable that check? How is Mal2 different from Mal?
I’d be happy with an option to proceed with caution.
Avast block posted in attached .png was from a different site: www.scanurl.net, a different web scanning site, scanning the same website you cannot visit, from a third-party point of view.
Note the avast block is: JS:ScriptPE-inf [Trj] – avast Web Shield.
Phish warnings by independent third-parties should not be ignored as your web site is likely compromised.
Only other possible setting for Web Shield is ‘Ask’. See attached below:
If I remember correctly, we have shown that the site isn’t safe in the past already.
Since they haven’t changed their practices, it is very unlikely the block on it will be lifted.
We do not help people to get on malicious websites.
What are Deceptive/Phishing, Attack Sites, Unwanted Software and Malware?
Deceptive Site (also known as “Phishing”)
This is a form of identity theft that occurs when a malicious website impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake but very real-looking websites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.
Thanks for the info. I am well aware of what phishing is. I do not give out personal information even on most legitimate sites. If at all. It is still not clear to me how come when I disable URL blocking, I’m still getting the website blocked. Disable blocking should mean exactly that imo. What part of Web Shield is responsible for the Mal2 alert, and can I add an exclusion to it?
@ Rundvleeskroket
Your are misinterpreting the Site Blocking function (there is no ‘Block malware URLs’ option that you mention) - it doesn’t stop avast scanning and blocking sites - its purpose is to allow ‘you’ to add sites to block irrespective of avast scanning finding it clean.
The actions you are experiencing with sites detected as malicious, etc. are correct.
In the Site Blocking window you will see that it allows for URLs (to block) to be entered. Uncheck the 'Enable site blocking. and the screen changes so you can no longer enter URLs.
@ DavidR: Avast → Options → Active Protection → Web Shield → Customize → Block malware URLs.
In the Help via the question mark in top right it says about this function:
Block malware URLs - Block websites based on a database of known malware URLs.
I’m not even looking at site blocking. That’s not what I’m talking about.
So, even though I uncheck ‘block malware URLs’, Avast still blocks malware URLs. Rendering that checkbox moot.
@ Eddy: Setting to ‘Ask’ will have the whole of Web Shield ask what to do if it detects something, not specifically only the malware URL blocking part of Web Shield, right? If so, again, that is not what I’m after. I want to have Web Shield enabled, actively scanning my browsing, but allow me to proceed to access a site known to be of higher risk, at my own discretion. I don’t consider phishing much of a risk to myself. I would however like the benefit of the script checking and such. So adding an exclusion for the whole of Web Shield is not preferred. And this isn’t even adding an exclusion, but instead changing global behaviour. I don’t want Web Shield asking me what to do for all browsing all the time.
Also, if the warning that pops up would tell me what malware is found, this would be helpful. I’m less inclined to proceed if a malicious script is trying to run, but less concerned if the site just contains a fake login or something of that ilk. The generic ‘URL:Mal’ warning doesn’t give me enough detailed information about what exactly is wrong with the site I’m trying to visit.
I’m not bypassing 99% of the protection. I just want to customize that one remaining percent of protection to allow me to access a site. By all means, keep the blacklist, but give me a way to override the blockade with minimal deactivation of other components of Avast.
I’ll ask yet again: why does disabling ‘block malware URLs’ not actually disable said blocking? Yes, the alert changes from Mal to Mal2. So another part of Avast is now blocking. Which part is that specifically, and can I change it settings to my liking?
Malware comes in different guises. Not all are equally dangerous. I understand the default one size fits all approach, but that leaves advanced users out of options.
Disabling URL blocking should let me see the site, or the popup should give me another kind of alert notification for whatever reason Avast then has determined is cause to block.
I’m sure it is. So let Avast scan and check all of it, but let me access the site at my own peril if I so choose.
FYI: I run Avast on several machines. Some of those are virtual machines with more vanilla Firefox. No mixed content blocking (although 47 may do it by default now). No Privacy Badger. Just Adblock Plus. I’ve disabled Web Shield in one of them and visited the site in question. Clicked all over the place. Then re-enabled Web Shield, ran a full system scan, ran antispyware tools, the works. No problems found. Seems the phishing is really the offending part (currently). And phishing is hardly a problem if one uses common sense.
Luckily that is not for you to decide. You have stated your concerns. They are duly noted. If you aren’t going to contribute to this thread in a helpful fashion, please consider yourself excused. Thank you for your input.
Whilst I might not agree with going to these lengths to visit a highly suspect site (it is your system), but the avast settings/options when set should work and this didn’t. First time I disabled only the web shield Enable Web scanning, thinking that should work for all scanning, it didn’t and I got the URL:Mal alert.
I can in a way confirm (but not exactly) what you reported, I didn’t switch off the settings in firefox - allowing that warning to display and opt to ignore. I disabled not only the Block malware URLs but also Enable Web scanning (Note to readers don’t do this if you haven’t got a robust backup and recovery strategy in place).
Here is when it starts to get strange, first I didn’t get the URL:Mal and URL:Mal2 alert that you posted, but two other popups.
