CUJO firewall downstream from SENSE router is blocking malicious sites that SENSE is not

Hi. I had a CUJO firewall before I purchased the SENSE. After installing the SENSE, I tried putting the CUJO in between my SENSE and my cable modem to see if it catches outbound items that the SENSE misses. It does.

CUJO occasionally identifies IP addresses that something on my network is connecting to as known malicious sites. Problem is, since the SENSE is what everything is connected to, I can't tell what device is connecting to bad sites since CUJO technically only has one device going into it (the SENSE). I suspect it is an ad or something in some app on my phone perhaps, but who knows.

My real question is, are there any plans for us to be able to subscribe to lists of sites to block? Like uBlock Origin Chrome extension has a list of blacklists that you can add to your list of sites to block. It would be nice if the SENSE had the same capabilities so we can be super aggressive in blocking if we want to be.

I attached a screenshot of uBlock's subscription lists where you can select which blacklists to use or not use. It would be nice if the SENSE had a similar capability...

Answers

  • FS_Simo Posts: 256

    Hi, thanks for the feedback!

    Currently we don't have any specific plans for supporting such 3rd party 'list subscriptions', as they would need to be maintained or curated by F-Secure anyway to maintain the integrity of our service and published securely. In practice all such site classifications that SENSE handles come through the F-Secure security cloud, which is maintained and updated by our capable research and response. That is one of the core services our customers pay us to do.

    If you find that some websites are leaking through SENSE which CUJO is catching, we would appreciate it if you can report them to our response for analysis to verify if they are indeed legitimate and should be blocked: https://www.f-secure.com/en/web/labs_global/submit-a-sample

  • Will do, thanks.

  • I submitted the IPs that the CUJO blocked and support said that they identified them as spam or something and added them to the block list.

    CUJO says that the IPs are a part of the "Global Reputation Database". I don't know if this refers to "CUJO's database" or if there is an actual other public one out there, but where does F-Secure's list come from? 100% self-curated or based on other lists like www.cinsscore.com?

  • I would guess that it's not 100% self-curated, dunno if any service is.

    And if you use different service providers for the same stuff, there will always be differences.

    There's no such service that blocks and protects everything everywhere always.

    So the best protection is to use many different types of protection components and services.

This discussion has been closed.