Roll out of new web filtering

Discussion in 'Prevx Releases' started by aieie, Oct 15, 2013.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If anyone experiencing FPs can submit them but then also send them to me via PM, that will help me give the team as much information as possible.

    Thank you!
     
  2. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Lloyds Bank personal log on page back to getting a red warning again!!! I have submitted another form to Webroot.
     
    Last edited: Nov 18, 2013
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,357
    Location:
    Surrey, England.
    Wondering if besides reporting again (!), you might manually add the address to WhiteList.txt in WRData, to prevent a recurrance?
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,541
    Location:
    South Wales, UK
    Very strange as I reported this via the required form a while back and 24 hours later, I checked again and the FP was no more (at least here) and I have not had a reoccurrence of this since (I bank with Lloyds too BTW).o_O
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Being one of the first to report false positives, I notice that there's a whitelist after unlocking the page. It seems to stay unblocked (longer?) if you visit the site regularly. But eventually, you will see that block page again.

    It seems to be separate for different browsers as well, one could be blocked while the other isn't due to unlocking.

    As for reporting, they still haven't addressed my FP's reported on this thread and in the submission yet. The easiest way to check is looking at the search indicators.
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,541
    Location:
    South Wales, UK
    Hi J_L

    Have benchmarked the contents of the whitelist in (C:\ProgramData\WRData\wrUrl) and will check back periodically to see if what you say stacks up here when I use IE.

    Cheers

    Balders
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    So that's where the whitelist is, thanks.
     
  8. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    Is that whitelist.txt a report or a directive? That is, does it report what is whitelisted from elsewhere, or does it tell the addon what to whitelist?
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It is a directive - it is a list of what users click unblock to.
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Also, the latest builds of WSA will log blocked websites (allowed or blocked) into the overall WSA log file.
     
  12. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    So it's a security hole.

    If the addon reads that and decides something is whitelisted by that when it encounters it, then a simple appendage of an otherwise-blocked site to that file will unblock it. Depending on how often that file is read and the logistics behind it, something along the lines of a web exploit that appends to that file before sending off to a site that would otherwise be detected and blocked might even occur. That would be a sign of success. Blackhole exploit kit adding a section to automagically target WSA web filtering via that file.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It's written under \ProgramData\ where admin rights are required to change it, so an addon won't be able to reach it, and in any case, it's locked while WSA is active.
     
  14. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Yet another log in page blocked- BT which is the UK's biggest telecoms company!! Web filtering does not seem to like log in pages. Have submitted support request and PMd PrevxHelp.
     
  15. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
    Hi, I reported it a couple of days back, they responded immediately and after a deep scan the fix worked. Have just paid BT another visit and all was well, perhaps a deep scan will fix it for you too ?
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Responded immediately huh. I still haven't heard anything from them despite contacting a week ago, sending PM 5 days ago, and posting the false positives here 2 and a half weeks ago!
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry, I've been behind on my PMs. Could you send me your email address so I can see where your support ticket is at the moment? It should have been answered a long time ago, so it may be assigned incorrectly.
     
  18. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    205
    Only received the new web shield a few days ago and I am also getting a lot of FPs on what to me are mainstream trustworthy sites.

    This is starting to get annoying, especially with the calls I'm getting from friends I've recommended WSA to. I don't like suggesting to them they "unblock page and continue" as it might become a habit.

    E.G. the Lloyds online banking site (personal banking login at Lloydsbank.com) is still blocked despite, as per earlier posts, being reported a week ago. Lloydsbank.com also shows a yellow circle in search results. Deep scan (and even a reinstall) does not fix it for me.

    Is this early teething troubles or are we stuck with an over-zealous shield?
     
  19. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
    ...is it just a Windows 8.1 + IE 11 problem ?
     
  20. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,335
    Location:
    New York City
    No. Having issues with Windows 7 and Firefox, IE 10.
     
  21. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
    Thanks.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Can you send me a scan log to my username at gmail.com so that I can take a look at what's blocking these? We've had several reports of FPs and it is a dynamic system which can be tuned as needed, but we don't want to compromise security if we can avoid it. At this point, any information is helpful to drill down to precisely what's happening. (And, for what it's worth, a scan won't affect the search results or website blocking - they're driven by a separate cloud service)

    Thank you!
     
  23. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    205
    Sent.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Sent the PM yesterday by the way. I think there shouldn't be a red category on non-malicious proxies and the like, due to amount of flagged safe sites and how easy it is bypassing the web filtering anyways.
     
  25. sturgess

    sturgess Registered Member

    Joined:
    Aug 24, 2011
    Posts:
    158
    Hi, I was instructed to perform a deep scan after reporting BT being blocked on the 15 Nov. see posts 94 and 96 this thread. It worked for me and despite folk today reporting BT still being blocked for them see post 139, I have no such problems. Support says scan, you say it has no affect, I watched football on BT this afternoon when other folk couldn't. I think you and Support need to have a chat, to scan or not to scan ?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.