  1. #1
    Newbie
    Join Date
    Nov 2019
    Posts
    14

    False Positive for Bitdefender update CDN

    Hi

    Started to see masses of alerts come through when my devices update; the alert I am getting is:

    System: Untangle [untangle.trewithian]

    Event: WebFilterEvent

    Event Time: 2020-06-23 11:58:57.28.

    Event Summary:
    Web Monitor flagged http://upgr-mmxviii-avfm.2d8cd.cdn.b...lware.000.gzip (Phishing and Other Frauds)

    Event Details:
    app name = web_monitor
    blocked = false
    category = Phishing and Other Frauds
    category id = 57
    flagged = true
    reason = BLOCK_CATEGORY
    request line = GET http://upgr-mmxviii-avfm.2d8cd.cdn.b...lware.000.gzip

    I have added the following pass site rule, but still seem to be getting these alerts:

    [Attached image: u0DNB566ZV.png]

    1. Does the rule engine need updating? I have suggested CDN as the category in the site lookup screen, but not entirely sure who/what that is telling?
    2. Is my pass rule wrong for the URL I get in the alert?

    Thanks

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,175

    Get rid of the wildcards; they are already baked in.

    Code:
    cdn.bitdefender.net/
    will do.
    Last edited by Jim.Alles; 06-23-2020 at 07:48 AM.

  3. #3
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,175

    Quote Originally Posted by ncksh View Post
    1. Does the rule engine need updating? I have suggested CDN as the category in the site lookup screen, but not entirely sure who/what that is telling?
    I think it would be most helpful to contact Bitdefender about this, and inform them that the file triggers Webroot / Brightcloud.
    https://www.brightcloud.com/tools/url-ip-lookup.php
    Last edited by Jim.Alles; 06-23-2020 at 07:49 AM.

  4. #4
    Newbie
    Join Date
    Nov 2019
    Posts
    14

    Roger that, will get it reported.

  5. #5
    Newbie
    Join Date
    Mar 2020
    Posts
    1

    I'm having the same issue and when I check the brightcloud link, the URLs that are triggering the webfilter on my Untangle are showing as trusted @ 81/100. Can't find a way to force my WebFilter defs to update to see if that resolved the issue. Anyone know how to update WebFilter (or other "app") categories/definitions?

  6. #6
    Untangler
    Join Date
    Aug 2018
    Posts
    39

    Quote Originally Posted by DCAIM View Post
    I'm having the same issue and when I check the brightcloud link, the URLs that are triggering the webfilter on my Untangle are showing as trusted @ 81/100. Can't find a way to force my WebFilter defs to update to see if that resolved the issue. Anyone know how to update WebFilter (or other "app") categories/definitions?
    Click the clear cache button under the advanced tab in web filter.

  7. #7
    Untanglit
    Join Date
    Jul 2019
    Posts
    19

    Quote Originally Posted by tcurtis View Post
    Click the clear cache button under the advanced tab in web filter.
    Unfortunately, clearing the cache doesn't work. Only adding bitdefender.net to Pass Sites in Web Filter eliminates the problem.

  8. #8
    Newbie
    Join Date
    Jun 2020
    Posts
    4

    Quote Originally Posted by junglechuck View Post
    Unfortunately, clearing the cache doesn't work. Only adding bitdefender.net to Pass Sites in Web Filter eliminates the problem.
    Edit:
    Deleting the cache worked as of today. However, shouldn't this be working without manual interaction?
    Last edited by bEeReE; 06-24-2020 at 01:00 AM.

  9. #9
    Untangler
    Join Date
    Aug 2018
    Posts
    39

    Quote Originally Posted by bEeReE View Post
    Edit:
    Deleting the cache worked as of today. However, shouldn't this be working without manual interaction?
    Yes, and it would have eventually. Clearing the cache just forces it to happen quicker.
