
KIS detecting redirects to several sites which KIS blocks. gmzdaily.com


borkduck


Get repeated instances of this during session; redirects to several sites which KIS blocks. Trying to figure out what is generating these messages; all seem to be associated w/Firefox, but can’t find any info about it. Attaching SS of activity. Anyone?

Thanks.


I had a problem similar to this a few months ago. It coincided at a time the handling of certificates changed in the wider world.

Sorry, my memory is not quite good enough. I remember having to switch off a Kaspersky option that handled certificates under Kaspersky in a proprietary way. If I can find the setting I will post again.


I guess I wasn’t clear on my question; I have two, actually:

1-It appears KIS is doing its job, logging the detection of a potentially dangerous SSL connection (shown as an orange warning on the report I attached above); does this mean that I don’t have to worry about the detection of a Secure Socket Layer connection w/this site gmzdaily.com as long as no connection is apparently being made?

2-How can I determine what’s generating this warning? I’ve been monitoring my machine’s activity pretty closely for over a week now, but there doesn’t seem to be any triggering event that causes the detection of this connection (if it is a connection) to gmzdaily.com. And I can’t find any information about this site anywhere, other than one ominous Google search reference to something called HTTP://gmzdaily.com | ANY.RUN-Free Malware Sandbox.

I’m really more concerned about question 2, as KIS says my machine is clean, and finds no other problems either in scans or popup warnings that some adverse interaction has occurred.

Again, any guidance regarding this greatly appreciated.

Thanks,

Keith Borkman

 

 

 


Hello @borkduck/Keith, 

  1. Please clarify, you’re not actually visiting gmzdaily sites? 
  2. When you’re on the web, do any sites fail to resolve? 
  3. Does the gmzdaily issue happen, if other browsers are used? 
  4. May we have the KIS All events, 7day Report; export the report, save as a *.txt file & 📎 attach📎 to your reply please?

Thank you🙏

Flood🐳


Flood,

No, not visiting sites. The 2 times I did click on the sites referenced in the warnings shown in my attachment (both something called fleamarketunime.ipage.com), they were both blocked by KIS.

No evident problems of any kind otherwise during any session, and I’m monitoring closely these days. Just those SSL invalid certificate warnings.

Haven’t tried w/any browser other than firefox; a good point. I’ll try chrome/explorer and see.

I’m attaching the text file, but it’s from yesterday, since the warning hasn’t popped up yet today. I’ll re-start, and get a fresh Detailed Report to send.

Thanks very much for getting back to me, Flood. This thing is preying on my mind. Not comfortable with things I don’t understand--which covers a lot of territory when it comes to KIS, and tech in general!

bd

 

 


Using chrome and so far no incidence of gmzdaily.com popping up. Looks to be related to Firefox browser, since every instance was on that browser.

I did find this: https://gmzdaily.com.ipaddress.com/

but have no idea what it means.  Maybe someone here does.

I’d still like to find out what’s generating this SSL Connection in FF and what it means (am I connected? is it trying to establish a connection and KIS is blocking it?) but I guess I can live with using chrome. Although it generates about 15-20 times the ‘suspicious activity blocked’ messages in KIS. Why am I not surprised…

 

bd

 


Hello  @borkduck,

You're very welcome👍 !

Thank you for replying and providing additional information🙏

  • First, don't be alarmed or overly worried, ‘tech explanation’ following, not understanding "anything" we don't understand, is totally understandable🙃 And, much of the digital/cyber world tech💩 is really hard to understand😖

I've previously sought Kaspersky expert’s advice, when these certificate errors appear in Kaspersky Reports:

Their stock standard advice is: 

quote: 

"A website certificate can only be verified when it is publicly signed. The certificate the company uses cannot be verified because it is a self-signed certificate or has other certificate error. Some companies may self-sign their domains. In such cases the certificate chain can be incomplete. In such cases Kaspersky application will show the certificate chain is not complete, Kaspersky showing the information in Kaspersky Reports can be considered normal behavior. If the web page can be loaded successfully although there is certificate verification error found for an internal web resource in the report or log, the error can be ignored.”

Additionally: "If the user chooses to have the settings " Always scan encrypted connections” enabled then Kaspersky checks and scan all the connections. If Kaspersky finds something is wrong then it’s reflected in the report.” 

end quote


  • You may conclude, from their advice,  it's "better" to  disable "Always scan SSL connections", not so, this setting has important functions. 
  • (imo) the manner in which the information is reflected in the Kaspersky reports, i.e. highlighting the alerts with a bright colour, not providing supporting error documentation, could be improved, that would help all Kaspersky customers, who do not have a Kaspersky PHD, (at a guess 87% of us) to not fret & panic🤔
  • Regarding the outcome of clicking “fleamarketunime”, good, this is KIS working as it should.
  • From the screen image, it appears  “fleamarketunime” may have embedded gmzdaily links, hence the block & the subsequent recording of gmzdaily in KIS reports. 
  • Do let me have the All events, 7day or 30day report when you have time please? 

Thank you🙏

Flood🐳
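
An added example, not part of the original thread and not Kaspersky's own tooling: a small Python check that attempts a verified TLS handshake with a host and reports which of the causes named in the quoted advice (self-signed certificate, incomplete chain, or another certificate error) made verification fail. The function names and the host `example.org` are assumptions for illustration; the numeric codes are OpenSSL's standard `X509_V_ERR_*` values.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* verification codes, grouped by the causes
# mentioned in the quoted advice.
CAUSES = {
    9: "certificate not yet valid",             # CERT_NOT_YET_VALID
    10: "certificate expired",                  # CERT_HAS_EXPIRED
    18: "self-signed certificate",              # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed certificate in chain",     # SELF_SIGNED_CERT_IN_CHAIN
    20: "incomplete chain or unknown issuer",   # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "incomplete chain or unknown issuer",   # UNABLE_TO_VERIFY_LEAF_SIGNATURE
    62: "certificate does not match host name", # HOSTNAME_MISMATCH
}


def classify(err):
    """Map a certificate verification error to a plain-language cause."""
    code = getattr(err, "verify_code", None)
    return CAUSES.get(code, f"other certificate error (code {code})")


def probe(host, port=443, timeout=5.0):
    """Try a fully verified TLS handshake and report the outcome.

    Only the handshake is performed; no HTTP request is sent and no
    page content is fetched.
    """
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "certificate verified"
    except ssl.SSLCertVerificationError as err:
        return classify(err)
    except (ssl.SSLError, OSError) as err:
        # DNS failure, refused connection, timeout, or a non-certificate TLS error
        return f"no TLS verdict: {err.__class__.__name__}"


if __name__ == "__main__":
    # example.org is a placeholder host (assumption); substitute the
    # host named in the report entry being investigated.
    print(probe("example.org"))
```

The result depends on the trust store of the machine running the check, so it can differ from what a product that intercepts and re-signs TLS traffic reports.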


Flood,

Thanks. Very much agree w/bullet points 1-3. It’s point 4 that’s the one I’m trying to satisfy myself on. I very much want to know what’s causing this SSL detection.

Ran Chrome all day, w/no occurrence of this detection, loading all the sites I visit using Firefox. I’m pretty much convinced this is an issue w/Firefox. Particularly since I can find no rhyme or reason to what/when it triggers. Stuff like that tends to gnaw at me.

Will send you a detailed events report tomorrow sometime probably. Again, thanks much for your assistance, very appreciated.

bd

 


Hello @borkduck,

You’re very welcome👌

Next time (for my sake), I’ll number my bullet points, you had me scrambling😁

Regarding, “what’s causing this SSL detection?” according to Kaspersky experts: “The certificate the company uses cannot be verified because it is a self-signed certificate or has other certificate error. Some companies may self-sign their domains. In such cases the certificate chain can be incomplete.”

I do understand the persistent gnawing, it’s certainly not helped by the lack of information provided for these issues. 

  • 1 Is Scan secure traffic in Mozilla applications enabled? (Please do not disable, just let me know please?)
  • 2 Regarding issue happening only when Firefox browser is used, have any Firefox Addons, Extensions, Themes & or Plugins, been updated, enabled, loaded, activated since the problem first began? 
  • 3 Check the issue if Firefox is run in SafeMode (1), does KIS log any certificate errors? 
  • 4 Run a Firefox refresh (2)? Does KIS continue to log any certificate errors? 

Note, before running the Refresh, save BOTH Copy raw data to clipboard & Copy text to clipboard.

 

At this point, if the issue persists, please let me know? 

 

When you have time, please upload the All Events, 30 day Report, it will help a lot🙏

Thank you🙏

Flood🐳


  • 2 months later...

In a hurry, so this will be brief. Still seeing the odd ‘SSL connection w/invalid certificate detected’ orange-type warning. Still don’t know if there’s an actual connection being made or simply a warning that an attempt is being made. I was in the process of making the transition from Windows 7 to win 10 when the world blew up. Haven’t been able to accomplish the changeover yet.

Am attaching a screenshot of the latest attempt and a check of this website via Urlvoid.

 

 

Thanks for the follow up,

borkduck


Hello @borkduck,

Good to hear from you☺ ! Thanks for updating us👌

Regarding the certificate events highlighted in the Kaspersky WAV report, Kaspersky’s standard conclusion line, “communicated to me”, has always been: “if the error event is logged in the report but does not affect page content loading, the error can be ignored.” 

Thank you🙏

Flood🐳
