Jump to content

Recommended Posts

Posted

Hi there:

Users having Kapersky Internet Security are sending me that a web page is being blocked because a HEUR:Trojan-PSW.Script.Generic.

But requesting a report, I see "all green" and no viruses: https://opentip.kaspersky.com/https%3A%2F%2Fjusticio.es/?tab=web

I understand it's a false positive, but I would like to know how to remove this warning for Kapersky's users, since it's offering a false reputation of a page.

Thank you

 

image.png

Posted

Yes, I know ... but then, why some users are receiving that block message ?

It would be great to have more information in those screens, don't you think ? Something users can "click and send info to developers" and HELP webmasters.

From my point of view, it's not very ethical to "block" a page and not give more information to developers, or not provide a "easy to send" button for users that want to help webmasters to avoid that block.

Moreover when this block is a false positive.

IMHO !

  • Like 1
Flood and Flood's wife
Posted (edited)

Hi @harlan4096 & @CJS

Event: Malicious object detected
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Detected
Type: Trojan
Name: HEUR:Trojan-PSW.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object path: https://justicio.es
MD5 of an object: 15346BEED730927A1BD7FEE39BE9B648
Reason: Expert analysis
Databases release date: Yesterday, 15/10/2024 11:36:00 PM

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
removed vt. already posted by H😅
  • Like 1
Posted
43 minutes ago, harlan4096 said:

Can You send a capture of the details of the detection, from K. Reports?

Also, the detection is .generic... so it is an "automatic detection" -> Heuristic:

https://threats.kaspersky.com/en/threat/Trojan-PSW.Script.Generic/

 

 

I don't understand the "from K. Reports" ... I'm not a Kapersky user ... I have only what a Kapersky user sent me visiting this page.

And, although is "generic", it provoke a navigation stopper, therefore a non-deserve bad reputation.

harlan4096
Posted

I just reported the URL to K. analysts.

  • Like 1
harlan4096
Posted

This is the reply of K analysts:


 

Quote

 

Hello,

We were unable to reproduce the detection.
Please update your antivirus bases.
If the problem persists, please send the screenshots showing both the filename and the verdict.


Best regards, Malware Analyst

 

 

  • Like 1
Posted

I wish the file name were mentioned, that’s the point I’m trying to suggest … you can’t just put “the homepage URL” and say “there’s a virus” without providing more information, neither for your customers nor for the developers …

 

Anyway, I’m not trying to fight against your business model … I just don’t think this type of vague error report helps. You block the user, damage the reputation of the site, and all because of a false positive…

 

Anyway …

harlan4096
Posted
3 minutes ago, Berny said:

@CJS

Link https://justicio.es/contacto is pointing to mailto : justicio @ justicio.es (not an url)  🤔

This is ok. just open an email client to send a msg.

  • Like 1
harlan4096
Posted

I reported the @Flood and Flood's wifedetections details, still waiting.

 

Still I've just checked also the URL with FireFox + Kaspersky Premium 21.18a and still I can't get the detection 🤷‍♂️

  • Like 1
harlan4096
Posted

I got a new reply, from a different analyst (I omitted his name in the reply, because personal reasons):


 

Quote

 

Hello,

We were unable to reproduce the detection.
If the problem persists, please send us the detected webpage as file.

Best regards, Malware Analyst

 

 

  • Like 1
Posted

Also, according some second opinion tools the site is 'clean' which is confirmed  in the post from @harlan4096 above my post 👍

Two verdicts are only notifying a warning :

  1. " Invalid URL in redirect error on  https : //justicio.es/contacto  "
  2. " Can't fetch file pointed by your url  'https : //justicio.es/contacto  "
  • Like 1
Posted

I really appreciate the efforts of some of you confirming the site is clean in your side.

But I can assure you that users don’t make up the screenshot with which I start this thread ;-)

  • Like 2

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...