Topic: Question about approach to identifying possible false positive (Read 1579 times)
hedders
Newbie
Posts: 4
Karma: 0
Question about approach to identifying possible false positive
« on: December 17, 2023, 08:51:14 am »
Hello,
I'm a pretty new user of Zenarmor, having only recently upgraded from a consumer-grade home router to an OPNsense box (which I'm very happy with).
I am seeing a lot of blocks of outgoing connections from my phone to a host called "prod-mobile-api.jn3cx6xo36.net", which Zenarmor seems to be categorising as "Malware/Virus". I suspect it is a false positive, but it is obviously concerning and I am struggling to find any info on what it is, or why Zenarmor might be categorising it as malware.
Googling for that hostname leads to a few auto-generated "we've scanned this host for viruses and found nothing" type pages, which tell me very little.
The regular posters in this forum seem to be pretty experienced and knowledgeable, and I wondered if anyone can give me some pointers in tracking down what's going on here please? For example, do any of you know what databases Zenarmor draws its blocklists from?
If the mods think this is OT then my apologies, and do feel free to bin.
Thank you all in advance for any help you're able to give.
Meg
Newbie
Posts: 29
Karma: 1
Re: Question about approach to identifying possible false positive
« Reply #1 on: December 18, 2023, 01:54:23 am »
If you're quite sure it's a false positive you can submit here (https://www.zenarmor.com/site-classification) to have it checked to see if it should be reclassified.
hedders
Newbie
Posts: 4
Karma: 0
Re: Question about approach to identifying possible false positive
« Reply #2 on: December 18, 2023, 05:21:44 am »
Quote
If you're quite sure it's a false positive
Thanks. I guess the issue is I'm not sure if it is or not, and I'm struggling to find any useful info to help me find out. Do you happen to know if there is anywhere I can look up why it was matched?
sy
Hero Member
Posts: 593
Karma: 44
Re: Question about approach to identifying possible false positive
« Reply #3 on: December 19, 2023, 11:30:42 am »
Hi,
Thanks for the report. It seems to be a false positive classification. Its category has been changed and published to the servers.
hedders
Newbie
Posts: 4
Karma: 0
Re: Question about approach to identifying possible false positive
« Reply #4 on: December 19, 2023, 06:12:41 pm »
Thank you!