Kaspersky
Question

Web Control blocks selfmade website, detected as Heuristic Phishing site.

  • 2 July 2019
  • 8 replies
  • 227 views

Hej all,

I developing some webpage with different payment forms (credit card, paypal, payment in advance, debit card, only a registration form). It's possible to deactive (= not write the HTML code) one or more forms.

In some configratution my Web Control agent from Kaspersky Small Office Security 5 tells me, with a heuristic analysis of this page is dangerous and tagged as "phising site".

I'm currently no idea which thing I have to be change to get no alerts from the client. My purpose is, that all user (and with the same anti virus software) is able to call the website directly without any alerts.

Have you any idea to prevent this issue?

Thanks a lot.

Kind regards,

Jakob


8 replies

Userlevel 7
Badge +1
Welcome. Please report false positive, here: https://virusdesk.kaspersky.com/?_ga=2.246572996.1561705179.1562093635-1187006029.1562093635
Hej Richbuff,

thanks a lot. Yes I send a feedback message (after the virus desk checked my file), because the "virusdesk" doesn't mark my page as "phising site" - I think its only the antivir component and not the web control agent.

Do you know how long it takes to get an answer?

In the attachment you found my HTML code which is false positive (i can only uploaded as ZIP file).

Kind regards,

Jakob
Userlevel 7
Badge +5
Hello Nebler,
While you're waiting for Richbuff to come back to you, in: KSOS, Encrypted Connection Scanning, have you added the URL(s) so it/they are not scanned?
https://help.kaspersky.com/KSOS/6.0/en-US/157530.htm
Please let us know?
Userlevel 7
Badge +5
Yes I send a feedback message (after the virus desk checked my file), because the "virusdesk" doesn't mark my page as "phising site" - I think its only the antivir component and not the web control agent.

  • Do you know how long it takes to get an answer?

Hi Jakob,
(sorry I missed your name earlier🤭)
When an email is submitted via VirusDesk, an automated email is (normally) received, advising:

"Your link is delivered to Kaspersky Lab. Dear User, Thank you for sending a request to Kaspersky Lab! The link will be submitted for research. We will let you know the results in three days".

shortly after another automated email is received, advising:

"[Phishing KLMS] Kaspersky Lab replies to anti-phishing request [reference number]
We will thoroughly analyze URLs you sent. If the result of the analysis is different from this automatic scan result, you will be notified via email."
-----------
As the urls you've submitted are "safe", according to the online virus scanner, the Kaspersky Anti-Virus Lab, will probably not identify a discrepancy.
-----------
  • To have the "Zurgriff verboten" issue attended to, you need to contact Kaspersky Technical Support: login to your MyKaspersky account,
  • create an incident record, by filling in the template that identifys your operating system, Kaspersky software, issue category & sub category, details, everything you've shared with us, including screen prints, logs etc: https://my.kaspersky.com/techsupport#/requests/new.
An INC will be created with a INC reference #, (similar to INC000009746890). An automated email will be sent with the INC# & generic advice:

"Dear customer,
Thank you for contacting Kaspersky Lab Technical Support.
The following request was registered:
ID INC000010xxxxxx
Your specific problem info
Our business hours are: Monday to Friday 8am to 6:00pm, Saturday 9am to 4:30pm, Local Your Time. We strive to process all support requests within 8 business hours.
To add new information to your request or ask additional questions, you can simply reply to this e-mail leaving the subject line unchanged. This email was generated automatically.
Best regards, Kaspersky Lab Technical Support"
-----------
Usually, within 48 hours (if the INC is logged Mon to Saturday), a human from the 1st Level Tech Support Team, will contact you.
They will certainly request data, logs, reports, specific to the operating system in use, they may also ask for replication of the issue, by providing steps required to do this according to their needs.
Provide everything requested and wait.
Sometimes responses are fast, sometimes slow.
IF, after a fortnight, you've not had feedback, contact them with a reply to the email that invites you to "add new information to your request or ask additional questions"
------
We can provide help doco for the data collection if you'd be kind enough to let us know your operating system, version & build please? Also include, any other installed Kaspersky Software and application(s) (if other application(s) are involved in the issue) .
------
Finally😉, is there a reason for using KSOS 5 & not the latest version: KSOS 6?
------
Please let us know?
Many thanks!.
Hej FLOOD,

thanks for detail replies.

While you're waiting for Richbuff to come back to you, in: KSOS, Encrypted Connection Scanning, have you added the URL(s) so it/they are not scanned?
No, I don't added the URL. I think this is not the correct solution, because all visitor of the website have to do this. And which visitor want to add a "non secure" URL from a foreign to the anti virus software?!

  • To have the " Zurgriff verboten" issue attended to, you need to contact Kaspersky Technical Support: login to your MyKaspersky account,
  • create an incident record, by filling in the template that identifys your operating system, Kaspersky software, issue category & sub category, details, everything you've shared with us, including screen prints, logs etc: https://my.kaspersky.com/techsupport#/requests/new.

Thanks a lot, I create a new incident record (:

We can provide help doco for the data collection if you'd be kind enough to let us know your operating system, version & build please? Also include, any other installed Kaspersky Software and application(s) (if other application(s) are involved in the issue) .
------
Finally😉, is there a reason for using KSOS 5 & not the latest version: KSOS 6?

OS: Windows 10 x64 Pro - Version 10.0.17134 Build 17134
KSOS: Kaspersky Small Office Security 5 PC - Version 17.0.0.611(n),
KSOS database: 14.07.2019 7:39

Only the google chrome browser (Version 75.0.3770.100, x64) is also involved to call the (local) webserver to receive the website.

Kind regards,

Jakob
Userlevel 7
Badge +5
Hello Jacob,
Thank you for posting back and the additional information.
  1. I agree with you, "adding" URL exclusion, that solution would not be satisfactory.
  2. Incident escalation, no sad face, at this stage the issue hasn't been escalated to Technical Support. Submitting a VirusLab inspection is not the same as escaltion to Technical Support. Because the file submitted for VL scanning was either "safe or unknown", VL have no idea there's an issue. The Lab only becomes aware, if escalated direct to Technical Support Team. VL & Technical Support are not the same thing.
  3. Is there a reason for using KSOS 5 & not the latest version: KSOS 6?
Many thanks!
Hello Flood,

I only have a PC with KSOS 5, I don't know if the KSOS 6 have the same issue.
I will be tested on another computer to upgrade the KSOS software with the latest version.

May thanks for your help.
Userlevel 7
Badge +5
Hello Jacob,
Just so you don't get any surprises😉. The Tech Team MAY ask you to upgrade to 6.
Also, so I'm very clear, re: " I create a new incident record (: ", do you have an ORIGINAL INC for this issue?
Please let me know?
Thanks!

Reply / Ответить