
Block List vs ESET

 Hi,

  I need to block all *.io & *.doubleclick.net domains. My setting is the following:

Web Filter Profiles | Filter Actions | Block these websites | Regular Expressions 

add " .io "

add " .doubleclick.net " 

Unfortunately, ESET antivirus is still prompting a warning to confirm "deny" or "allow" the connection.

How to solve this problem? Please help!

 



  • Hi Perry,

    could you try this for your regular expression:

    ^https?://([A-Za-z0-9.-]*\.)?io/
    ^https?://([A-Za-z0-9.-]*\.)?doubleclick\.net/

    Best Regards
    DKKDG

  • Hi DKKDG,

     

    Thanks a lot and I will try this.

    May I ask a question,

    what's the function of "/" at the end of " ^https?://([A-Za-z0-9.-]*\.)?doubleclick\.net/ "?

    I mean, what is the difference between "\.net/" and ".net"?

    Thanks

  • Hi Perry,

    the '/' does not have any function.
    This is just the absolute path.

    '\' has the meaning that the following string has to follow if the expression should match.

    Best Regards
    DKKDG

  • I recommend using website definitions linked to a tag, and then apply the tag to an exception or filter action.  Much easier to get right and much harder to get wrong.   Checking the subdomain option makes doubleclick.net variants easy to block.

    You want the ending / to avoid surprises.   example.com/ is different than example.community.us, but they will both match example.com

    You might have to use regex for *.io, because UTM may not accept "io" as a website name.   Probably this pattern

    ://[^/]+\.io/

    will work.

    The first three characters capture the protocol boundary, then any character sequence not containing a slash, then ending with .io.  

    But I do not think it will solve your issue completely.   ESET or any antivirus running on the desktop will see the web request before UTM does.   So it will prompt first, then UTM will block if the user tries to proceed.

  • May I ask a question?

    ^https?://[A-Za-z0-9.-]*\.sophos.com/

    ^https?://[A-Za-z0-9.-]*\.sophos\.com/

    What's the difference in result between the above formats?

    Thanks for teaching!

    The \. combination represents a period character, because \ says the next character is a literal.   Without a \ the period is a wildcard for any one character value.

    You want to match "sophos.com" but not match "sophosxcom"
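
The matching behaviour discussed in this thread, as an added example that is not from any of the posters: it runs the quoted patterns against constructed URLs with Python's `re.search`, which is assumed to behave like the UTM's matching for these simple patterns. The `example.com` pair and the anchored `.io` variant are hypothetical additions for comparison.

```python
import re

# Patterns quoted in the thread, plus three labelled hypothetical variants.
PATTERNS = {
    "bare .io":      r".io",                    # as first entered in the filter action
    "host .io":      r"://[^/]+\.io/",          # suggested in the thread
    "anchored .io":  r"^https?://[^/]+\.io/",   # hypothetical: same idea, anchored
    "unescaped dot": r"^https?://[A-Za-z0-9.-]*\.sophos.com/",
    "escaped dot":   r"^https?://[A-Za-z0-9.-]*\.sophos\.com/",
    "no slash":      r"^https?://([A-Za-z0-9.-]*\.)?example\.com",   # hypothetical
    "with slash":    r"^https?://([A-Za-z0-9.-]*\.)?example\.com/",  # hypothetical
}

# Constructed sample URLs (not taken from any real log).
URLS = [
    "https://cdn.example.io/lib.js",
    "https://www.example.com/radio/",
    "https://example.community.us/",
    "https://www.sophosxcom/",
    "https://www.sophos.com/",
    "https://example.com/?next=http://example.io/",
]


def matches(label, url):
    """True if the named pattern matches anywhere in the URL (search semantics)."""
    return re.search(PATTERNS[label], url) is not None


def report():
    """Map each sample URL to the labels of the patterns that would block it."""
    return {url: [label for label in PATTERNS if matches(label, url)] for url in URLS}


if __name__ == "__main__":
    for url, hits in report().items():
        print(f"{url:46} -> {', '.join(hits) or 'no match'}")
```

The bare `.io` entry blocks any URL containing a character followed by "io" (here the `/radio/` path), and the unanchored host pattern also fires on a `.io` URL embedded in a query string, which the anchored variant avoids.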