Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 6466 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block List vs ESET

Perry Pong

 Hi,

  I need to block all *.io & *.doubleclick.net domain. My Setting is following:

Web Filter Profiles | Filter Actions | Block these websites | Regular Expressions 

add " .io "

add " .doubleclick.net " 

Unfortunately, ESET antivirus is stilling prompt a warning to confirm "deny" or "allow" the connection.

How to solve this problem? Please help!

 



This thread was automatically locked due to age.
Parents
  • 0

    I recommend using website definitions linked to a tag, and then apply the tag to an exception or filter action.  Much easier to get right and much harder to get wrong.   Checking the subdomain option makes doubleclick.net variants easy to block.

    You want the ending / to avoid surprises.   example.com/ is different than example.community.us, but they will both match example.com

    You might have to use regex for *.io, because UTM may nnot accept "io"  as website nsme.   Probably this pattern

    ://[^/]+\.io/

    will work.

    The first three character capture the protocol boundary, then any character sequence not containing a slash, then ending with .io.  

    But I do not think it will solve your issue completely.   ESET or any antivirus running on the desktop will see the web request before UTM does.   So it will prompt first, then UTM will block if the user tries to proceed.

  • 0 in reply to DouglasFoster

    May I ask a question?

    ^https?://[A-Za-z0-9.-]*\.sophos.com/

    ^https?://[A-Za-z0-9.-]*\.sophos\.com/

    What's the different result of above format?

    Thanks for teaching!

Reply Children
Unfiltered HTML