In my campus, the server that regulates internet, is somewhat protected with SNORT rules
There’s a login page that campus people need to use in order to use internet. Also, that page lists “bad traffic”, which in my case lists this:
192.168.82.195 220.127.116.11 ET MALWARE User Agent (TEST) - Likely
Webhancer Related Spyware
Seems like SNORT rules are blocking Comodo Messagage Center, because after I turned it off thru registry, it went back to normal (no warnings regarding my PC). Could you fix it somehow?
Thank you, we will be investigating this issue.
Is your campus network restricted to browsers only?
No, we can use all applications. It’s only that we need to validate ourselves from time-to-time to use the internet (mostly its purpose is to block spam/malware attacks and also monitor things like users who turn on their wifi router with DHCP server enabled etc…).
For validation, there’s special address that you get redirected to when you try to browse pages.
Btw what I meant on top is that my name + detection name was listed there (on validation page). All those who have malware that SNORT rules detect, will be listed there.
SNORT has a rule that filters that particular user agent so the request is detected as malware even if the application is clean. We’ll change the user agent in the following release. Please let us know if the issues continues to occur.