
Same blocked intrusion attempt several times a day. False positive?

I am getting the same notification that an intrusion attempt has been blocked several times a day. It says something about coming from "Network traffic from icdn1.listlist.biz (whatever that is)" which seems to mean it is an external threat, but it also says it resulted from "\DEVICE\HARDDISKVOLUME3\USERS\CARLW\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" which seems to mean it is internal and coming from Chrome.

Even though the notification says it was blocked and no further action is necessary, it's still very worrying. Is this a false positive? Why the same thing again and again all day every day? Is there anything I can do to stop this once and for all? Here is the full notification text below. Appreciate any help.

Category: Intrusion Prevention

Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description

8/20/2019 5:54:17 PM,Medium,An intrusion attempt by icdn1.listlist.biz was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"icdn1.listlist.biz (104.25.12.104, 443)","DESKTOP-M5MLKD0 (100.120.35.40, 1046)",icdn1.listlist.biz (104.25.12.104),"TCP, https"

Network traffic from <b>icdn1.listlist.biz</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CARLW\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
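One way to triage an exported Intrusion Prevention history like the row quoted above, as an added example that is not part of the original post or of Norton's tooling. The function names, the second sample row and the port-based direction heuristic are assumptions of this example.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Header and first row are the notification quoted in the post; the second row
# is constructed for this example (same alert about an hour later).
SAMPLE = '''Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
8/20/2019 5:54:17 PM,Medium,An intrusion attempt by icdn1.listlist.biz was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"icdn1.listlist.biz (104.25.12.104, 443)","DESKTOP-M5MLKD0 (100.120.35.40, 1046)",icdn1.listlist.biz (104.25.12.104),"TCP, https"
8/20/2019 7:02:41 PM,Medium,An intrusion attempt by icdn1.listlist.biz was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"icdn1.listlist.biz (104.25.12.104, 443)","DESKTOP-M5MLKD0 (100.120.35.40, 1187)",icdn1.listlist.biz (104.25.12.104),"TCP, https"
'''

# "host (ip, port)" as used in the Attacking Computer / Destination Address columns
ENDPOINT = re.compile(r"^(?P<host>\S+) \((?P<ip>[\d.]+), (?P<port>\d+)\)$")

def parse_endpoint(text):
    """Return (host, ip, port), or None if the field is not 'host (ip, port)'."""
    m = ENDPOINT.match(text.strip())
    return (m["host"], m["ip"], int(m["port"])) if m else None

def direction(remote_port, local_port):
    """Heuristic (assumption of this example, not a Norton field): a remote
    web port paired with a high local port is a connection opened locally."""
    if remote_port in (80, 443) and local_port >= 1024:
        return "outbound request"
    return "undetermined"

def summarize(csv_text):
    """Group rows by (alert name, remote host, direction); count and time span."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        remote = parse_endpoint(row["Attacking Computer"])
        local = parse_endpoint(row["Destination Address"])
        if remote is None or local is None:
            continue  # skip rows whose endpoint fields do not parse
        when = datetime.strptime(row["Date & Time"], "%m/%d/%Y %I:%M:%S %p")
        key = (row["IPS Alert Name"], remote[0], direction(remote[2], local[2]))
        groups[key].append(when)
    return {k: (len(v), min(v), max(v)) for k, v in groups.items()}

if __name__ == "__main__":
    for (alert, host, way), (n, first, last) in summarize(SAMPLE).items():
        print(f"{n}x {alert} | {host} | {way} | {first} .. {last}")
```

Grouping by alert name and remote host shows whether the repeats are one recurring request or several different alerts, and the timestamps can be compared against browsing activity.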

Replies


Re: Same blocked intrusion attempt several times a day. False positive?

Let's not all answer at once.


Re: Same blocked intrusion attempt several times a day. False positive?

As an external attempt to connect to your computer was blocked, you do not have to worry. Norton did its job. The reference to chrome is just the vehicle the attempted connection was using to try to get into your computer. Which makes sense as that is how you connect to the internet.

It probably keeps happening because you keep visiting the same web sites. It sounds like you were on a site that may have had some malicious code on it, possibly as part of some ads on that page. You could try installing an ad blocker extension in your browsers to stop this kind of attack attempt.

Things happen. Export/Backup your Norton Password Manager data.

Re: Same blocked intrusion attempt several times a day. False positive?

Um, have you tried Chrome Clean up?
Chrome can help you find suspicious or unwanted programs on your computer. If Chrome finds an unwanted program, click Remove. Chrome will remove the software, change some settings to default, and turn off extensions.

You can also check for malware manually.

  1. Open Chrome.
  2. At the top right, click More > Settings.
  3. At the bottom, click Advanced.
  4. Under “Reset and clean up,” click Clean up computer.
  5. Click Find.
  6. If you're asked to remove unwanted software, click Remove. You may be asked to reboot your computer.

FWIW ~ 

Intrusion Prevention = On

Intrusion Prevention = Off

https://safeweb.norton.com/report/show?url=listlist.biz


https://sitecheck.sucuri.net/results/https/icdn1.listlist.biz