Roll out of new web filtering

If anyone experiencing FPs can submit them but then also send them to me via PM, that will help me give the team as much information as possible.

Thank you!

 

Lloyds Bank personal log on page back to getting a red warning again!!! I have submitted another form to Webroot.

 

Wondering if besides reporting again (!), you might manually add the address to WhiteList.txt in WRData, to prevent a recurrance?

 

Very strange as I reported this via the required form a while back and 24 hours later, I checked again and the FP was no more (at least here) and I have not had a reoccurrence of this since (I bank with Lloyds too BTW).

 

Being one of the first to report false positives, I notice that there's a whitelist after unlocking the page. It seems to stay unblocked (longer?) if you visit the site regularly. But eventually, you will see that block page again.

It seems to be separate for different browsers as well, one could be blocked while the other isn't due to unlocking.

As for reporting, they still haven't addressed my FP's reported on this thread and in the submission yet. The easiest way to check is looking at the search indicators.

 

Hi J_L

Have benchmarked the contents of the whitelist in (C:\ProgramData\WRData\wrUrl) and will check back periodically to see if what you say stacks up here when I use IE.

Cheers

Balders

 

So that's where the whitelist is, thanks.

 

Is that whitelist.txt a report or a directive? That is, does it report what is whitelisted from elsewhere, or does it tell the addon what to whitelist?

 

I never edited whitelist.txt, but it contains all of the pages I've unlocked and continued.

More info: https://www.wilderssecurity.com/showthread.php?p=2287461#post2287461

 

It is a directive - it is a list of what users click unblock to.

 

Also, the latest builds of WSA will log blocked websites (allowed or blocked) into the overall WSA log file.

 

So it's a security hole.

If the addon reads that and decides something is whitelisted by that when it encounters it, then a simple appendage of an otherwise-blocked site to that file will unblock it. Depending on how often that file is read and the logistics behind it, something along the lines of a web exploit that appends to that file before sending off to a site that would otherwise be detected and blocked might even occur. That would be a sign of success. Blackhole exploit kit adding a section to automagically target WSA web filtering via that file.

 

It's written under \ProgramData\ where admin rights are required to change it, so an addon won't be able to reach it, and in any case, it's locked while WSA is active.

 

Yet another log in page blocked- BT which is the UK's biggest telecoms company!! Web filtering does not seem to like log in pages. Have submitted support request and PMd PrevxHelp.

 

Hi, I reported it a couple of days back, they responded immediately and after a deep scan the fix worked. Have just paid BT another visit and all was well, perhaps a deep scan will fix it for you too ?

 

Responded immediately huh. I still haven't heard anything from them despite contacting a week ago, sending PM 5 days ago, and posting the false positives here 2 and a half weeks ago!

 

Sorry, I've been behind on my PMs. Could you send me your email address so I can see where your support ticket is at the moment? It should have been answered a long time ago, so it may be assigned incorrectly.

 

Only received the new web shield a few days ago and I am also getting a lot of FPs on what to me are mainstream trustworthy sites.

This is starting to get annoying, especially with the calls I'm getting from friends I've recommended WSA to. I don't like suggesting to them they "unblock page and continue" as it might become a habit.

E.G. the Lloyds online banking site (personal banking login at Lloydsbank.com) is still blocked despite, as per earlier posts, being reported a week ago. Lloydsbank.com also shows a yellow circle in search results. Deep scan (and even a reinstall) does not fix it for me.

Is this early teething troubles or are we stuck with an over-zealous shield?

 

...is it just a Windows 8.1 + IE 11 problem ?

 

No. Having issues with Windows 7 and Firefox, IE 10.

 

Thanks.

 

Can you send me a scan log to my username at gmail.com so that I can take a look at what's blocking these? We've had several reports of FPs and it is a dynamic system which can be tuned as needed, but we don't want to compromise security if we can avoid it. At this point, any information is helpful to drill down to precisely what's happening. (And, for what it's worth, a scan won't affect the search results or website blocking - they're driven by a separate cloud service)

Thank you!

 

Sent.

 

Sent the PM yesterday by the way. I think there shouldn't be a red category on non-malicious proxies and the like, due to amount of flagged safe sites and how easy it is bypassing the web filtering anyways.

 

Hi, I was instructed to perform a deep scan after reporting BT being blocked on the 15 Nov. see posts 94 and 96 this thread. It worked for me and despite folk today reporting BT still being blocked for them see post 139, I have no such problems. Support says scan, you say it has no affect, I watched football on BT this afternoon when other folk couldn't. I think you and Support need to have a chat, to scan or not to scan ?