Can you please stop blocking ZScaler traffic as this is preventing me performing my day job?
Hello Mark, Are you an employee of the company in question? I visited the website of the company in question just a bit ago. Running their analysis tool I indeed got an intrusion warning with my Norton product as you have suggested. Norton detects EICAR standard A/V test file as a known attack signature, is this what you are seeing? Please see screenshots for reference. You can create a site review at the link below if you wish or contact the site owner and have them do the same. Cheers!!
Please give us the url for your website. If you have not registered for Safe Web, please do so. The link for the site is given above by Soul.
After registration, please post your HTML file. This is necessary for verifying your ownership of the site. After that I can have it evaluated.
Your welcome. I haven't been around the forums much lately. Been converting VHS tapes to DVD for one of my customers the past couple of weeks. Those old tapes are 5-6 hours long and I have over 50 tapes in this batch. lol
Hello people. I was reading some of the Forums and found this one to read. I was hoping perhaps you guys/gals could give a little more detail on whats going on. Just trying to understand some of this stuff.
It looks like MS88980 went to ZScaler website. There a 'Check your security now' was done. In which the 'Analysis Tool, Security Preview' scan was done. In doing that scan, a Block was done by Norton, because Norton saw this as a intrusion (Not a virus)? The intrusion was 'www.eicar.org'. which when I look this up is a website that gives away malware test file.
Ok, so the problem is that MS88980 wants to run the 'Check your security now' on ZScaler website and not get a block alert, is that correct?
The solution is to contact the owner and have them register the file with Norton Safe? I think that is what Soul was suggesting.
Am I close?
Indeed so. The site owner will have to register the site with safe web for it to be analyzed. Thanks floplot for the assist. Cheers.
From SoulAsylum's image aboveIf the ZScaler web site is testing your system's security by trying to download eicar.com, then Norton should be blocking that download. Remember from the old DOS days a .com file was an executable.
Thanks for making the screenshot larger. I couldn't read it before. Eicar gives out a test virus so that you can test your computers security. Therefore, If it gets blocked, it's a good thing and doesn't need to go thru Safe Web. If it's stopping you from doing your job, do you work with computer viruses, MB?
Thanks for the comments.
I have been following this post, just to educated myself. But, MS88980 (I believe) was stating when he goes to ZScaler Cloud Security website, ( https://www.zscaler.com/ ) there is a link on that website to use to check one's computer security. (Orange zone, 'Check Your Security Now'.) When he does that, his Norton Security Blocks the security check. Because Norton Security thinks it is a MaWare trying to get into the computer, but it is NOT malware but a security check. He/She (MS88980) wants the security check to go through without being blocked by Norton Security. I believe SoulAyslum is stating that the ZScaler needs to register that security check with Norton Safeweb. Now Safeweb states that www.zscaler.com is a safeweb website. But that does not mean the link ('Security Now') on that website is ok, That link doing the security check needs to also be registered with Norton Safeweb.
Now I ran the test (ZScaler, Security Now) and my laptop (F) Failed. I believe it failed because this test is for Company Firewall (router) testing NOT personal laptops/computer like home owners. I tried to get them email me the results but No, they want a company email. How they knew my personal email was not a company email I do not know. I will posts some snippets of what the test results were. (If the snippets are allowed to show up by Norton)
I might have this all wrong, like I stated I am trying to educate myself and keep my skills (if any) up to date. Plus, MS88980 is NOT giving us a lot of detail to work with. I am guessing at most of it.
But I do appreciate you-all's comments.
Trying to put this information down in a comprehensible, easy to read, flow is time consuming and difficult. So I understand when someone posts something how difficult it can be. If you make mistakes in details or flow, that is ok, I get it. we all struggle. This is just something we try to do on the side because we want to. I have learned a lot from these posts.
Indeed Robert you are spot on!! https://www.zscaler.com/ is not the problem as you stated. The intrusion comes from www.zscaler.com as you, floplot and peterweb have stated, which in turn, belongs to the previous website owner. This is the penetration test being sent and has to be whitelisted / reviewed by Norton in order for it not to be detected as malicious. IF MS88980 is NOT the site owner therein lies the issue at hand. Not having more information as to their need compounds a solution other than previously stated. The penetration test itself is being detected AND recognized by Norton as it should thus the website is doing what it is advertised to do as well. Cheers!!
Until @MS88980 posts back with an image of the block message, we do not know for sure what feature in Norton is blocking something on that site. It could be Safe Web, it could be Auto Protect.
When they return, we can see how to help.
If you are experiencing an issue that needs urgent assistance please visit our customer support area:
There are currently 10 users online.