Banking Protection ignores exception list
Comments
-
Hello,
Sorry for my reply.
But does you mean something like that:
-> You added website-URL to exception list under Banking Protection settings window (under main Browsing Protection window). As "allow"-part of exception list?
Potentially your experience related with how it should to work.
If you think that current URL should not triggered Banking Protection - potentially there required steps for using F-Secure SAS (sample URL transferring for re-rate current website and as result... drop-status for BP trigger).
But if it's just your decision about. Potentially.. on current time... there just can be manual "stop" banking protection session each time.
Because current exception list probably "designed" for next meanings (on current time):
-> If during Banking Protection session any of pages goes be blocked with reason (BP is active and current page not fully trusted) - you able to add current page as "exception". And you will be able to visit the page during Banking Protection time.
Such as ... "allow" to visit this page (by any of time).
Or block some pages (for any of tries) - if you think that current URLs can be suspicious for you.
Sorry if I wrong understand your situation and sorry for not nice English.
Not sure.. but usually there more popular, when someone want to "add" activate-process for some of pages, when it's not triggered BP by default.
-
Hi,
Thanks for quick response.
Essentially, the problem is that when I visit the website, the baking protection triggers even though the site is safe. I've added it to my own safe list, and when I first bought this version of fsecure, I submitted the URL to fsecure for rating. It's an issue that's been happening for months, and I marked the URL as safe many months ago.
Really, my issue with it, is that if I add a site to the exception list, then it should be excluded from banking protection - there's not much point in having a list if it's going to be ignored by the system.
-
Hello,
Sorry if my words will be wrong about your situation. And sorry for long reply.
For first: I can to talk about desktop (Windows, for home use) versions of F-Secure solutions. Such as F-Secure SAFE or F-Secure IS (as example). Where we have Banking Protection, which probably can be with another design (if there have any other solutions for Banking Protection as business-solutions or other solutions).
Banking Protection probably work with another design, than you can to think about it now.
For example... maybe... Banking Protection flyer can be triggered during visit banking (time to time online-payments, shopping, commerce websites) domains/URLs/pages.
Such as.. if it's known website/URL for F-Secure (and marked as related with banking) will be triggered "BP"-feature, which goes to prevent "potentially malicious/suspicious" network connections.. except trust-ones.
It's mean... when your (example)-URL with safe-status (and related with banking) - current page will be as trigger for Banking Protection, which means.. that you connected to "banking" page indeed.
And for example... some of "suspicious sources" will be blocked during "flyer"-visible-status. And it's not mean.. that your (example)-URL malicious/suspicious or not safe.
List of exceptions... can be with design about "allow/deny". Allow-list will be helpful with situations, when page blocked by somewhat reason... but you are sure.. that page is clean/safe.
You do not want to wait result by F-Secure SAS.
And you able to add current page for white-list (your white list as allowed pages). And you will be able to visit pages (potentially always).
Or.. if page marked as safe, but you think.. that page is suspicious or malicious for you. You can to use Deny-list and block this domain. So.. as result.. you will be with block-status for current pages (potentially always).
This Exception-list more related with Browsing protection, than Banking Protection.
On current time.. there not possible to work with Exception lists as "specific" for banking protection (such as create trigger for not-banking-pages. or drop trigger for banking pages). But how I remember something same can be under F-Secure backlog.
So... your situation potentially with next meanings: you goes to "banking" page (safe page) and get BP-flyer, which means... that your "banking business/actions" protected by BP-feature. It's probably normal. And it should be like that.
I not sure.. that there can be workarounds (with common meanings).
As example.. I goes to visit your example-link. And did not get Banking Protection flyer, because it's normal. My experience was... about http-connection with current URL.
When I re-change http to https. Banking Protection tirggered in fact.
So.. if current page did not related with banking/payments things (for your or for any). There can be some of workarounds: did not use HTTPS for current page (because my experience was about certain URL and BP-flyet comes not from other resources under current domain).
Maybe you have something as extensions or other.. with redirect for HTTPS (it's good and nice!), but for your situation it's a reason for BP-flyer under current domain (where HTTPS not as default thing).
Or... there https://www.f-secure.com/en/web/labs_global/submit-a-sample to transfer URL as "BP triggered, but should not".
BUT as repeat-words... Banking Protection means that your page (when it's created) related with banking/payments and comes under HTTPS and safe. As additional points: some of pages will be blocked, which can be marked as not trusted for Banking. With any of meanings you able to close BP-flyer.
Also general information about Banking Protection was there (recently) - http://safeandsavvy.f-secure.com/2016/01/05/banking-protection-how-does-it-work/
Sorry for my long reply again.
Sorry if I wrong understand your troublepoint.
I can to feel main point there... that Banking Protection is protection thing. And BP-flyer means that page safe (and not that page are not safe).
There missing any specific (?) exception lists for Banking Protection. But there have for browsing protection. And related things for Banking Protection there can be "allow" (page will be with allow-status during banking protection - if it was blocked before) or "deny" (page will be blocked always). Banking Protection triggered by Secure Connections with banking/payments domains. As result there should be visible BP-flyer, which can be closed manually. On current time.. that missing some kind of action for "ignore" for trigger (possible just re-rate mistake-examples, when BP-flyer created randomly under pages, which does not related with something around banking/payments and should be protected).
Sorry again.
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!