Items Show up in Blocked Conversations Heatmap that have been added to exclusions

Started by Meg, June 14, 2025, 05:40:50 AM

Hello: I have hosts (i4.c.eset.com and c.eset.com) required for LiveGrid on ESET antivirus that have been added to exclusions but are still showing in the blocked conversations heat map. Can anyone explain to me why these items are being blocked when they have been excluded globally?


Thanks for the reply SY: I'm not sure what you mean by Block Message in the Blocks report. Where do I find that?

Hi,

In the Live Sessions - Blocks tab, there is a "Block Message" column. If it does not exist, you can enable it from the Layout section on the same page.

The block message is firstly seen sites. I don't understand why it still gets blocked when it is added to the exclusions list.

Did you exclude them as i4.c.eset.com and c.eset.com, or as eset.com?
Can you make a pic and show us the exact exclusion in ZA?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Thanks Seimus. Yes, I had excluded them as you said, but they keep getting blocked.

This is weird,

On the heatmap actually they are shown as
i4.c.eset.com:80
c.eset.com:80

From the perspective of the domain, this is different from i4.c.eset.com & c.eset.com. I think ZA here is for some reason showing the domain with the port 80. Could be a bug.

Regards,
S.

Thanks for your reply. I will wait and see if anybody else has any more insight into this. I don't remember it doing this on earlier versions of OPNsense.

Update: I put in the IP address that the host name resolves to instead of the host name in the exclusions and it seems to have solved the problem so far.

Hi,

Most probably "*:80" causes the issue. If you can share debug logs, we can investigate it. You can increase the log level in Settings - Logging - Level - DEBUG4. Then please contact the support team via the "Have Feedback" option in the bottom left corner of the UI to share the logs.

Hi @Meg,

We have determined the issue. It is because the hostname includes the ":80" port number and doesn't match the whitelisted domain. The next maintenance release will have a fix for this.

I have sent the report as requested.

Hi,

Thanks for sharing. It will be fixed with the upcoming release.
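
The mismatch diagnosed in this thread, shown as an added example that is not part of the original posts and is not Zenarmor's code: an exact string comparison fails when the observed host carries ":80", while normalising the host first restores the match without letting look-alike names through. The function names are hypothetical, treating an entry as covering its subdomains is an assumption, and the sample hosts other than the two named in the thread are constructed.

```python
# Added illustration only; names and sample values are constructed, not vendor code.

def normalize_host(value: str) -> str:
    """Reduce a 'host[:port]' value to a bare lowercase hostname or IP."""
    host = value.strip().lower()
    if host.startswith("["):                 # bracketed IPv6, e.g. [2001:db8::1]:80
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # name:port or IPv4:port
        name, _, port = host.partition(":")
        if port.isdigit():
            host = name
    return host.rstrip(".")                  # drop the trailing dot of an FQDN


def naive_is_excluded(observed: str, exclusions: set[str]) -> bool:
    """Exact string comparison: the behaviour that fails on 'host:80'."""
    return observed in exclusions


def is_excluded(observed: str, exclusions: set[str]) -> bool:
    """Compare after normalisation, matching on whole-label boundaries only."""
    host = normalize_host(observed)
    for entry in exclusions:
        entry = normalize_host(entry)
        # Assumption: an entry also covers its subdomains.
        if host == entry or host.endswith("." + entry):
            return True
    return False


EXCLUSIONS = {"i4.c.eset.com", "c.eset.com"}   # the two entries from the thread
SAMPLES = [                                    # constructed observations
    "i4.c.eset.com:80",
    "c.eset.com:80",
    "C.ESET.com.",
    "c.eset.com.example.net:80",               # look-alike, must not match
    "notc.eset.com",                           # shares a suffix, not a label
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} naive={naive_is_excluded(s, EXCLUSIONS)!s:5} "
              f"normalised={is_excluded(s, EXCLUSIONS)}")
```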