Endpoint Protection

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

Hi Muhammad,

I would advice you to start with a full scan.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

Hello,

the best way to see Intrusion Detection Logs is on the SEP Manager: Monitors - Logs - Network and Host Exploit Mitigation and make sure to select Attacks.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

This is a URL Reputation detection.  Jarkom is correct view the logs on the SEPM.  Once you have the URL and if it is not malicious you can add a Trusted Web Domain exception to stop these.

------------------------------
John Owens
Strategic Support Engineer | Symantec Endpoint Security Division (SES)
Broadcom Software
------------------------------

Original Message:
Sent: 09-29-2021 06:14 AM
From: Jarkko Mustonen
Subject: Symantec Web Attack

Hello,

the best way to see Intrusion Detection Logs is on the SEP Manager: Monitors - Logs - Network and Host Exploit Mitigation and make sure to select Attacks.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

John how do you add a trusted Web Domain Exception?
Original Message:
Sent: Sep 29, 2021 10:14 AM
From: John Owens
Subject: Symantec Web Attack

This is a URL Reputation detection.  Jarkom is correct view the logs on the SEPM.  Once you have the URL and if it is not malicious you can add a Trusted Web Domain exception to stop these.

------------------------------
John Owens
Strategic Support Engineer | Symantec Endpoint Security Division (SES)
Broadcom Software

Original Message:
Sent: 09-29-2021 06:14 AM
From: Jarkko Mustonen
Subject: Symantec Web Attack

Hello,

the best way to see Intrusion Detection Logs is on the SEP Manager: Monitors - Logs - Network and Host Exploit Mitigation and make sure to select Attacks.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Dialog-Overview/exceptions-v8093021-d51e2316/trusted-web-domain-exception-v33640881-d51e3269.html
Original Message:
Sent: Jan 19, 2022 06:00 AM
From: Simon Hand
Subject: Symantec Web Attack

John how do you add a trusted Web Domain Exception?
Original Message:
Sent: Sep 29, 2021 10:14 AM
From: John Owens
Subject: Symantec Web Attack

This is a URL Reputation detection.  Jarkom is correct view the logs on the SEPM.  Once you have the URL and if it is not malicious you can add a Trusted Web Domain exception to stop these.

------------------------------
John Owens
Strategic Support Engineer | Symantec Endpoint Security Division (SES)
Broadcom Software

Original Message:
Sent: 09-29-2021 06:14 AM
From: Jarkko Mustonen
Subject: Symantec Web Attack

Hello,

the best way to see Intrusion Detection Logs is on the SEP Manager: Monitors - Logs - Network and Host Exploit Mitigation and make sure to select Attacks.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

Can you please advice, how can this exception be added in cloud version?
I can't find any controls for this action.

Thanks
Original Message:
Sent: Sep 29, 2021 10:14 AM
From: John Owens
Subject: Symantec Web Attack

This is a URL Reputation detection.  Jarkom is correct view the logs on the SEPM.  Once you have the URL and if it is not malicious you can add a Trusted Web Domain exception to stop these.

------------------------------
John Owens
Strategic Support Engineer | Symantec Endpoint Security Division (SES)
Broadcom Software

Original Message:
Sent: 09-29-2021 06:14 AM
From: Jarkko Mustonen
Subject: Symantec Web Attack

Hello,

the best way to see Intrusion Detection Logs is on the SEP Manager: Monitors - Logs - Network and Host Exploit Mitigation and make sure to select Attacks.
Original Message:
Sent: 09-28-2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks

Muhammad can you tell me how you stopped this, i dont see an option in SEPM to **** a URL?
Original Message:
Sent: Sep 28, 2021 01:41 AM
From: Muhammad Taqi
Subject: Symantec Web Attack

Hi,

Since yesterday I'm keep getting the popup from Symantec Endpoint protection

[SID:29565] Web Attack: Webpulse Bad reputation Domain request detected.


I ran a Active scan but nothing was found. I also reinstall chrome and deleted all temp files, but still I'm getting this popup after like every 5 minutes.

Also there are no detail about this like which process is requesting for this domain, I searched all logs in the view log section of Symantec Endpoint Protection but there is nothing.

Can anyone please tell me how can I find which process causing this alert so that I can delete/stop it.

Thanks