Hello,
I want to exclude this domain from getting detected by Norton's IPS. It's detected by IPS as: Malicious Site: Domain request 22.
hxxp://thumb(.)fvs(.)io
I asked Norton to whitelist the domain since it doesn't seem to be involved with malware, but they said that the detection won't be removed without giving any specific reason.
Okay, no problem. I just want to add it into exception. It's not blocked by Norton Safe Web extension. Only by IPS.
I tried putting it into application URL monitoring exclusion, but it doesn't work. The notification window also doesn't have the option to exclude it.
How can I do it? Is there any other way? If it's a bug, then please fix it quickly if possible.
So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said.
IDK if the site is accessible. I C "can't reach this page" with Intrusion Prevention On before and after Stop Notifying Me. I guess you're correct....site is blocked in the background. No idea how to reverse Stop Notifying Me.
IDK if the site is accessible. I C {"success":false,"data":"bad request"} with Intrusion Prevention Off
So clicking "Stop Notifying Me" makes the site accessible? I never clicked on it, thinking it would just keep blocking it in the background. Also curious to know if it's possible to reverse stop like you said.
Thanks for the suggestion. I know the attack can be excluded, but like you said, I don't want to do that since that may keep me unprotected against similar attacks from other websites. So this workaround isn't ideal. It would have been easier if it was possible to exclude it. It's confusing why there is no such option.
While you can't exclude the website, you can exclude the detection. Go to the Intrusion Protection tab in Firewall settings and enter Malicious Site: Domain request 22 in the search bar for signature exclusions. Of course, this isn't really recommended because it will leave you unprotected against that attack from any website. It should also be noted that while possible, IPS detections are very rarely false positives. IPS is alerting to something actually on the website that matches the attack signature, it is not blocking the site pro-actively. Chances are very high that it is an attack.
I'm aware of the status, but it's a CDN mainly and safe enough. It's not detected by any other vendor and SafeWeb gives it only caution, so it's not in the red zone. It's used by some sites I use for free streaming football (soccer) matches, which matches the categories showed on SafeWeb. When it's blocked by IPS, I can not watch. So it's important for me to exclude the domain. There should be an option to exclude it, like it's possible with other AV products.
