This forum thread needs a solution.
Kudos0

Can't exclude domain from IPS

Hello,
I want to exclude this domain from getting detected by Norton's IPS. It's detected by IPS as: Malicious Site: Domain request 22.

hxxp://thumb(.)fvs(.)io

I asked Norton to whitelist the domain since it doesn't seem to be involved with malware, but they said that the detection won't be removed without giving any specific reason. 
Okay, no problem. I just want to add it into exception. It's not blocked by Norton Safe Web extension. Only by IPS. 
I tried putting it into application URL monitoring exclusion, but it doesn't work. The notification window also doesn't have the option to exclude it. 
How can I do it? Is there any other way? If it's a bug, then please fix it quickly if possible.

Replies

Kudos0

Re: Can't exclude domain from IPS

https://safeweb.norton.com/report/show?url=http://thumb.fvs.io = Caution -> 

  • Pornography
  • Suspicious
  • TV/Video Streams
  • Piracy/Copyright Concerns

Kudos0

Re: Can't exclude domain from IPS

I'm aware of the status, but it's a CDN mainly and safe enough. It's not detected by any other vendor and SafeWeb gives it only caution, so it's not in the red zone. It's used by some sites I use for free streaming football (soccer) matches, which matches the categories showed on SafeWeb. When it's blocked by IPS, I can not watch. So it's important for me to exclude the domain. There should be an option to exclude it, like it's possible with other AV products. 

Kudos0

Re: Can't exclude domain from IPS

I hear ya'.  

Kudos0

Re: Can't exclude domain from IPS

While you can't exclude the website, you can exclude the detection.  Go to the Intrusion Protection tab in Firewall settings and enter Malicious Site: Domain request 22 in the search bar for signature exclusions.  Of course, this isn't really recommended because it will leave you unprotected against that attack from any website.  It should also be noted that while possible, IPS detections are very rarely false positives.  IPS is alerting to something actually on the website that matches the attack signature, it is not blocking the site pro-actively.  Chances are very high that it is an attack.

Kudos0

Re: Can't exclude domain from IPS

Stop Notifying Me works....works so well...I don't know how to reverse Stop

Kudos0

Re: Can't exclude domain from IPS

Thanks for the suggestion. I know the attack can be excluded, but like you said, I don't want to do that since that may keep me unprotected against similar attacks from other websites. So this workaround isn't ideal. It would have been easier if it was possible to exclude it. It's confusing why there is no such option. 

Kudos0

Re: Can't exclude domain from IPS

So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said. 

Kudos0

Re: Can't exclude domain from IPS

SeriousHoax:

So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said. 

IDK if the site is accessible.  I C "can't reach this page" with Intrusion Prevention On before and after Stop Notifying Me.   I guess you're correct....site is blocked in the background.  No idea how to reverse Stop Notifying Me. 

 


IDK if the site is accessible. I C {"success":false,"data":"bad request"} with Intrusion Prevention Off

Kudos0

Re: Can't exclude domain from IPS

@SeriousHoax

Norton Chat Support has no notion how to reverse Stop Notifying Me. 

Norton Chat Support says I need to purchase Ultimate Help Desk for this issue. 

Now, Chat says they need Remote Access. 

Now, Chat says I need to reinstall Norton to return default setting.  

Case ID: 74351747

Kudos0

Re: Can't exclude domain from IPS

@SeriousHoax

Security History -> Intrusion Prevention for the Blocked event -> More Options -> Notify Me


Kudos0

Re: Can't exclude domain from IPS

https://thumb.fvs.io/

Dispute submitted successfully

https://safeweb.norton.com/report/show?url=https://thumb.fvs.io = Caution

Kudos0

Re: Can't exclude domain from IPS

bjm_:
https://thumb.fvs.io/

Dispute submitted successfully
https://safeweb.norton.com/report/show?url=https://thumb.fvs.io = Caution 

We have recently re-evaluated the contents of https: //thumb. fvs. io/.
The website rating is not changed after evaluation.

Kudos0

Re: Can't exclude domain from IPS

Thanks @bjm_

Is it possible to ask for IPS whitelist as a feature request?

Kudos0

Re: Can't exclude domain from IPS

This might be a good suggestion for the Product Suggestions board https://community.norton.com/forums/product-suggestions

This thread is closed from further comment. Please visit the forum to start a new thread.