A problem when blocking malicious sites

I`m a user of Win10 x64 version, and I`am a user of f-secure safe as well.

 

Recently when I`m testing the website protection by visiting some known-infected sites. Usually when a site is blocked, a hint showing that the site is malicious will be shown in the browser I`m using. But on my machine, the browser can only display a 403 error, which may lead to some misunderstanding if the site is really unavailable or have been blocked by f-secure.

 

some known infected site that indicating this problem include:

 

 

XXXXXXXXXXX.com

ZZZZZZZZZZZ.ru 

CCCCCCCCCC.com 

 

I think that f-secure should make sure that its web protection can display proper information, rather than having problem telling the user what`s going on with the website they`re visiting.

 

EDIT: Removed potentially dangerous links

 

Comments

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello ouyangx,

     

    Could you try to submit these URLs to our lab, you can request  details on the sample provided.

     

  • I don`t doubt that f-secure can blocked them, because someone else I know using f-secure client security has already proven it.

     

    I just hope the correct warning can appear in my browser.

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello ouyangx,

     

    Could you confirm with which browser(and version) you observed this behavior?

    I cannot reproduce the error 503 and get the "harmful website" messages for these sites.

     

    Did you already try to reinstall the browser extension?

    You can do that in the User interface under Browsing protection and Settings>Other>browser extensions

  • I`m using Maxthon, which does not support installing your extension, but the regular warning can appear correctly without any extension, I can ensure that.

     

     

    tested chrome with extension, no problem.

     

    But why maxthon can display the warning correctly before?Smiley Sad

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello ouyangx,

     

    Thank you for the quick reply. Unsupported browser might work properly. But as they are not thoroughly tested we cannot guaranty that they work consistently.

  • UkkoUkko Posts: 3,147 Superuser

    Hello,

     

    Sorry for my reply.

     

    Maybe I have experience about same things or dreams.

    Your links was edited... so I'm not sure.. that it's can be related with your situation (but with my Maxthon it's work as should be or does not work with known steps for me).

    Also.. your words have information... that with Chrome-browser all work as should be. My situation about... when pages blocked normally by Maxthon or just "Forbidden page", which will be with other browsers too (maybe Chromium/Webkit-based too... in fact.. I check it with Opera, but not with Google Chrome).

     

     My steps under spoiler.

    Spoiler

    Anyway... with some of updates (months ago) F-Secure comes with new design about blocking pages (or it's related directly with browser).

     

    As example... I can to reproduce (after current updates and for current day), when known "harmful/malicious" webpage comes with "just 403 forbidden". And there not just default block-page by F-Secure.

     

    My steps for that:

     

    --> Will use direct link.

    Such as.. if it's link for some of resources of executable-files.

    Such as "http: / / www. malicious--website.com/pictures/suspicious.png"

    or

    "http: / / www. malicious--website.com/rogue/boom.exe"

     

    Will be not available to get access or get block-page-information.

    Just "Forbidden page" by browser (with Maxthon it will be same for Webkit or another core).

     

    Just links for "http: // www. malicious--website.com/pictures" (as example) will be blocked too, but comes with block-page-information by F-Secure.

     Or maybe you have specific background around. Such as... machine under proxy (?!), virtual things or some of other things... or... more updates for Windows 10 ... which will be critical for reproduce.

     

  • I can make sure that most of the infected links I tested do not end with  .exe or .jpg, most with .com ,.ru or .net

     

    thanks for the additional informationSmiley Tongue

    Ukko
This discussion has been closed.