Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Malware URL not being flagged as Malware

Follow
Avatar
James Willhoite

We've had some Phishing attacks at work and I've been looking at the URLs the attacks are going to. Yes, we have users falling for them. I noticed that the url api[.]kali365[.]xyz was a url that was used. After looking it up via "VirusTotal" and "CiscoTalos", they both say they are Malware, but the Firewalla thinks it's fine. Even the FirewallaAI thinks it's okay. Is there a place to report this for the Firewalla Team?

0

Comments

5 comments

Sort by Date Votes
  • Avatar
    Firewalla CM

    Thanks for posting it here. We'll forward it to the team.

    Most of the time, if a flow is incorrectly categorized, you can report it in the app. We'll see if we can improve this feature for all flows in the future.

    In the meantime, please block this site, and consider blocking other things, such as the NRD Target List or TLD Risky Domains, like *.xyz. 

    0
    Comment actions Permalink
  • Avatar
    James Willhoite

    I have blocked it, and have used the NRD target list since it was released. I should expand to the *.xyz 

    Also, was using the Business MSP and didn't see any report button. When searching for flows like this, I prefer the Web vs a small phone screen.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Let me forward to our team; we rarely have people suggesting bad domains, but this can be a start. Will see if we can do something there too. 

    0
    Comment actions Permalink
  • Avatar
    James Willhoite
    • Edited
    In the meantime, please block this site, and consider blocking other things, 
    such as the NRD Target List or TLD Risky Domains, like *.xyz. 

     

    Took your advice and blocked the TLD Risky Domains. Created a Target List with your suggested list. Added as a Rule and to match "domain only". Working as expected, but ended up see a blocked flow to "api.weather.com" for some reason. Single flow, but the "Matched By" was the Block Risky TLD Rule .... Found it odd as there are no "*.com" in the target lists. Not even a *.weather TLD or anything.

    0
    Comment actions Permalink
  • Avatar
    Firewalla CM

    Hi James Willhoite, I've opened a case for you. Our support team can take a look to make sure everything is working correctly. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post