• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

ConnectSafe false positive

Greetings,

ConnectSafe is blocking na-meterservices.neopost.com and Norton SafeWeb reports malicious activity for Neopost.com.  I believe this is a false positive however and would like to request that the block be removed.  How do I accomplish this?

Thanks!

Replies

Kudos0

Re: ConnectSafe false positive

ConnectSafe would be using the info from SafeWeb. Virustotal.com shows 0/66 detections for neopost.com.

You can report false positive indications here https://submit.symantec.com/false_positive/

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: ConnectSafe false positive

peterweb:

ConnectSafe would be using the info from SafeWeb. Virustotal.com shows 0/66 detections for neopost.com.

You can report false positive indications here https://submit.symantec.com/false_positive/

I submitted a false positive for another site and they came back and said they couldn't reproduce it even though I sent them this link.  https://safeweb.norton.com/report/show?url=w-systems.com It seems the only way to access the site is to stop using Norton DNS.  Anyway you can get this site unblocked?

Kudos0

Re: ConnectSafe false positive

The link you give shows a strange URL. What is the correct URL you are trying to check?

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

The link above had a space at the end causing problems.  Copy and paste works though.  The domain is w-systems.com

Kudos0

Re: ConnectSafe false positive

And have you checked the wsetup.exe file on the site for malware?

I get the Safeweb warning with and without connectsafe.

Things happen. Export/Backup your Norton Password Manager data.
Kudos2 Stats

Re: ConnectSafe false positive

Hello

I can get that domain retested by the Safe Web Team. The Team should be by either tonight or Wed. night.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos1 Stats

Re: ConnectSafe false positive

It looks like the blacklist status has been removed.

It tests clean at https://sitecheck.sucuri.net/

A little bit of knowledge is... well a little bit of knowledge.
Kudos2 Stats

Re: ConnectSafe false positive

Hi robert5050,

We have manually analyzed the site 'w-systems.com' and found it to be clean so we have changed its rating to green.

https://safeweb.norton.com/report/show?url=w-systems.com

Cops

Kudos0

Re: ConnectSafe false positive

Thank you.  The site is loading without issue now.  It's really good that this forum exists since they couldn't help when I reported it.

Kudos0

Re: ConnectSafe false positive

Hello Rober

We have contact with the right people. The Support people don't have contact with them. You are welcome. Now you know where to go to if you have any other issues with your products or websites.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: ConnectSafe false positive

Kudos0

Re: ConnectSafe false positive

Hello Robert

That link goes to a different site than what shows in the link. It goes to a site without the click in front of it.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: ConnectSafe false positive

Did you get this from a Technet email?

I ask because I am seeing a similar problem from a MS email I got from a subscription I have with them for IT news. The warnings I got were from my browser(s). FF 44.0 and the Edge browser show a certificate error. IE 11 takes me to the Safeweb block showing a phishing detection. I checked previous emails that had the same image I am clicking on and the URL shown when I hover over the image is the same in all the emails. The older emails and the current one that is giving warnings.

What is strange for me. I use Gmail as my email provider and Mozilla Thunderbird for my email client. If I click on the images and links in the email from my Inbox, I get blocked. If I go to All Mail in Gmail's folders and click the same image in the same email, I get no warnings.

FF message

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

Anything in front of the domain doesn't matter.  It's the domain name microsoftemail.com that's blocked.  Here's another link https://safeweb.norton.com/report/show?url=microsoftemail.com

Yes, it was a link in a Microsoft email may have been technet.

Kudos0

Re: ConnectSafe false positive

Another false positive!!  sendgrid.net  https://safeweb.norton.com/report/show?url=sendgrid.net

This is a transactional email service used by many companies.  We can no longer send email!!!

Kudos0

Re: ConnectSafe false positive

Hello Robert

That sandgrid.net link is showing a green go now.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: ConnectSafe false positive

Another site needs to be unblocked.  rawgit.com  It's a CDN used by many websites.  https://safeweb.norton.com/report/show?url=rawgit.com

Kudos0

Re: ConnectSafe false positive

Has anyone checked the file noted that is suspected of containing the virus?

BTW these are Safe Web warnings, not Connect Safe. Although they both use the same warning database. I tested the site and got the warning while bypassing Connect Safe.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

peterweb:  Has anyone checked the file noted that is suspected of containing the virus?

dl and scan'd > ajmgh/lcpdfrdist/master/0_3_setup_alternative.rar  

Kudos0

Re: ConnectSafe false positive

bjm_:
peterweb:  Has anyone checked the file noted that is suspected of containing the virus?

dl and scan'd > ajmgh/lcpdfrdist/master/0_3_setup_alternative.rar  

And what did your scan show?

Does a false positive have to be reported?

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

Norton On-demand scan quarantine'd file with no SHA reported


SHA256: 7907a12fa2f9b895f7c490b91252cd16cf7bcfadb5230d85f254492bbb35556a
File name: 0_3_setup_alternative.rar
Detection ratio: 16 / 55
Analysis date: 2016-02-23 21:36:40 UTC

https://www.virustotal.com/en/file/7907a12fa2f9b895f7c490b91252cd16cf7bcfadb5230d85f254492bbb35556a/analysis/1456263400/ 

Kudos0

Re: ConnectSafe false positive

I probably should of started a new thread. It's not a false positive. The domain name is a content delivery network. If Norton were to block every cdn that contained a virus then you probably wouldn't be able to browse the net. There's probably thousands of websites using rawgit.com.

It would almost be like blocking all of dropbox if one person had a dropbox link with a virus. Sure might be safe but then you can't work.
Kudos0

Re: ConnectSafe false positive

Safe Web is not blocking every CDN (btw I thought you were talking about Canadians, like me  )  It is just blocking one that has 2 malware detections, as it should. When the infections are removed, Safe Web can re evaluate the site.

If you are not responsible for the site and are a regular user, maybe you can contact them and let them know what is happening.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: ConnectSafe false positive

Right but the one cdn is used by thousands of sites.  Since it's a cdn, they shouldn't block the whole domain name.  I've had to switch to comodo dns at home until it gets fixed.  I had to permanly stop using ConnectSafe at work because of the false positives above.  In addition, it seems ConnectSafe is no longer for business use.  When you go to sign up, there's a check box to certify that you are home personal.  Previously, you could select business.  Oh well..

Kudos0

Re: ConnectSafe false positive

Hello robert5050

Do you have a website that you want the Safe Web Team to check out? If it's a whole, large domain, they can like subdivide it so that only the malware parts get blocked until cleaned up and the rest of the domain gets the Green Go.  If you have any websites that you want checked out, please let me know. Also, there is a false positive team that checks out things as well as the Safe Web Team.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit Norton Core Security Plus 22.17.1.50 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.