このフォーラムスレッドには解決策が必要です。
拍手0

Can't exclude domain from IPS

投稿日: 2022-11-29 | 10:36 · 返信 14 · · 翻訳:

Hello,
I want to exclude this domain from getting detected by Norton's IPS. It's detected by IPS as: Malicious Site: Domain request 22.

hxxp://thumb(.)fvs(.)io

I asked Norton to whitelist the domain since it doesn't seem to be involved with malware, but they said that the detection won't be removed without giving any specific reason. 
Okay, no problem. I just want to add it into exception. It's not blocked by Norton Safe Web extension. Only by IPS. 
I tried putting it into application URL monitoring exclusion, but it doesn't work. The notification window also doesn't have the option to exclude it. 
How can I do it? Is there any other way? If it's a bug, then please fix it quickly if possible.

ラベル: Intrusion Prevention, Windows 11

返信

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 10:45 · 編集日: 2022-11-29 | 10:50 · パーマリンク

https://safeweb.norton.com/report/show?url=http://thumb.fvs.io = Caution -> 

  • Pornography
  • Suspicious
  • TV/Video Streams
  • Piracy/Copyright Concerns

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 10:54 · パーマリンク

I'm aware of the status, but it's a CDN mainly and safe enough. It's not detected by any other vendor and SafeWeb gives it only caution, so it's not in the red zone. It's used by some sites I use for free streaming football (soccer) matches, which matches the categories showed on SafeWeb. When it's blocked by IPS, I can not watch. So it's important for me to exclude the domain. There should be an option to exclude it, like it's possible with other AV products. 

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 11:10 · パーマリンク

I hear ya'.  

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 11:30 · パーマリンク

While you can't exclude the website, you can exclude the detection.  Go to the Intrusion Protection tab in Firewall settings and enter Malicious Site: Domain request 22 in the search bar for signature exclusions.  Of course, this isn't really recommended because it will leave you unprotected against that attack from any website.  It should also be noted that while possible, IPS detections are very rarely false positives.  IPS is alerting to something actually on the website that matches the attack signature, it is not blocking the site pro-actively.  Chances are very high that it is an attack.

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 11:35 · パーマリンク

Stop Notifying Me works....works so well...I don't know how to reverse Stop

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 11:43 · パーマリンク

Thanks for the suggestion. I know the attack can be excluded, but like you said, I don't want to do that since that may keep me unprotected against similar attacks from other websites. So this workaround isn't ideal. It would have been easier if it was possible to exclude it. It's confusing why there is no such option. 

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 11:45 · パーマリンク

So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said. 

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 12:26 · 編集日: 2022-11-29 | 12:32 · パーマリンク

SeriousHoax:

So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said. 

IDK if the site is accessible.  I C "can't reach this page" with Intrusion Prevention On before and after Stop Notifying Me.   I guess you're correct....site is blocked in the background.  No idea how to reverse Stop Notifying Me. 

 

IDK if the site is accessible. I C {"success":false,"data":"bad request"} with Intrusion Prevention Off

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 14:21 · 編集日: 2022-11-29 | 14:48 · パーマリンク

@SeriousHoax

Norton Chat Support has no notion how to reverse Stop Notifying Me. 

Norton Chat Support says I need to purchase Ultimate Help Desk for this issue. 

Now, Chat says they need Remote Access. 

Now, Chat says I need to reinstall Norton to return default setting.  

Case ID: 74351747

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 14:54 · 編集日: 2022-11-29 | 15:01 · パーマリンク

@SeriousHoax

Security History -> Intrusion Prevention for the Blocked event -> More Options -> Notify Me


拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-11-29 | 15:35 · 編集日: 2022-11-29 | 15:36 · パーマリンク 

https://thumb.fvs.io/

Dispute submitted successfully

https://safeweb.norton.com/report/show?url=https://thumb.fvs.io = Caution

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-12-01 | 16:33 · 編集日: 2022-12-01 | 16:39 · パーマリンク

bjm_: 
https://thumb.fvs.io/

Dispute submitted successfully
https://safeweb.norton.com/report/show?url=https://thumb.fvs.io = Caution 

We have recently re-evaluated the contents of https: //thumb. fvs. io/.
The website rating is not changed after evaluation.

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-12-14 | 08:51 · パーマリンク

Thanks @bjm_

Is it possible to ask for IPS whitelist as a feature request?

拍手0

Re: Can't exclude domain from IPS

投稿日: 2022-12-14 | 18:53 · パーマリンク

This might be a good suggestion for the Product Suggestions board https://community.norton.com/forums/product-suggestions

This thread is closed from further comment. Please visit the forum to start a new thread.