This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
humt
Participant
‎2019-11-07 09:13 PM

Url filtering [Malware/Adware]

I am facing the big issue of virus(Malware/Adware]. And i am fedup now. I have format my system 3 times and 2times reset the firewall but the virus did not gone yet.  Firewall  not able to block yet. Even antivirus did not able to clean it yet. It is coming again and again. And i am not sure , how did it enter into system. 

Behavior-

1) Internet auto disconnecting again and again.

2) Changing the settings of firewall which i feel. It stop accessing localhost IP address.

3) I feel when i synchronize the data with google for backup. Virus is entering into the system. Is it possible virus is entering via Google. Just take chrome data only via synchronize.

 

These are the below website which open sometime with different websites

arcaptarts[.]site 

allashark[.]site

areantaid[.]site

 

 

I have block these website manaully. But it is useless.  Almost coming new website in next 2-4days.

 

 

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-11-08 12:54 PM

It could very well be something in the Chrome data (specifically an extension) that is causing this to happen.
0 Kudos
FedericoMeiners
Advisor
‎2019-11-08 04:52 PM

First of all ensure that your URL Filtering policies is blocking all "bad" categories such as Adware, high risk, critical, risk, malware, among others. This is not a silver bullet since URLs should be categorized as such. You can create a rule to drop all uncategorized traffic and set URL Filtering to do a fail close approach to the packets but most of the time this is cumbersome for end users.

Second: Your Firewall antivirus engine will not do anything if malware is being downloaded via HTTPS, you will need to configure Outbound HTTPS Inspection on your firewall.

Last, put that host in quarantine and perform a proper malware removal, it's not really a good practice to let your firewall handle all the incident handling, specially if the host is already compromise.

Hope it helps

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
humt
Participant
‎2019-11-14 07:26 AM
In response to FedericoMeiners

As I see. CP now blocks the url but still I am not aware how this adware/malware is coming. There is no extension, notification or external software except antivirus installed in system.I have format the system and not working. Until I don't know how it enter into system. I am scared to open any website. If some one knows. Please let me know. Antivirus are still researching.  No antivirus is able to detect it. I have already try Malwarebytes,Kaspersky, quickheal,bitdefender,Norton. I have report to Kaspersky for this issue. And waiting for update. 

 

 

0 Kudos