While using some of the apps, I saw that the malware detection service had detected some connections as malware and blocked them. These apps were mostly crypto related, which I had downloaded through official sources and believe are quite reputable.
Therefore the chance of these connections actually being malicious is low, and they are probably false positives.
But it would be better if the UI mentioned the source database according to which a connection was flagged.
I know it is not too difficult to manually do a reverse lookup in all the current 5 databases and find which database flagged it, but it would be a lot easier if PCAPdroid said so right in the UI itself, so that the user can double-check for themselves whether the IP is a false positive and whether to rely on that source.
Also, a note on the connection page where a malware IP/domain is detected: "Connection is flagged and blocked according to 'xyz' source; users are advised to do their research and determine if the connection is really malicious or not".
Maybe put a link to a section in the docs explaining possible safeguards in such a situation.
This note could be important because when a user sees such a notification with the 💀 symbol, they might be confused and not really understand the risks of it, why it happened and what they can do about it.
kevin0t changed the title from "Mention the Blacklist source when Malware connection is detected" to "Mention the Blacklist source when Malware connection is detected and other disclosures" on May 19, 2024
The domain/IP in my case is 45.128.232.77, which the RoboSats app was connecting to.
The link to the RoboSats GitHub is https://github.com/RoboSats/robosats/
The app primarily connects through Tor and has its own Tor daemon running.
Should I whitelist this connection?
This is a common problem when an IP address is reused (e.g. Tor, or even a VPS); such false positives are expected. You should use the whitelist for such situations, after investigation.
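The manual reverse lookup discussed in this thread can be scripted to report which source list contains a flagged IP or domain. This is an added example, not PCAPdroid code: the list names and entries are constructed placeholders, and the plain, CIDR and hosts-style line formats are assumptions about what a blacklist file may contain.

```python
import ipaddress

# Constructed sample blacklists: names and entries are placeholders,
# not the lists PCAPdroid actually uses.
SAMPLE_LISTS = {
    "example-ip-feed": "# plain IPs and CIDR ranges\n198.51.100.7\n203.0.113.0/24\n",
    "example-hosts-feed": "0.0.0.0 bad.example.net\n"
                          "127.0.0.1 tracker.example.org  # inline comment\n",
    "example-mixed-feed": "203.0.113.77\nmalware.example.com\n",
}

def parse_blacklist(text):
    """Return (networks, domains) from plain, CIDR or hosts-style lines."""
    networks, domains = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        # hosts-style "0.0.0.0 domain": the listed entry is the last field
        entry = line.split()[-1]
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            domains.add(entry.lower().rstrip("."))
    return networks, domains

def find_sources(indicator, lists=SAMPLE_LISTS):
    """Return the sorted names of every list that contains the IP or domain."""
    try:
        addr = ipaddress.ip_address(indicator)
    except ValueError:
        addr = None                            # not an IP: treat as a domain
    name = indicator.lower().rstrip(".")
    hits = []
    for source, text in lists.items():
        networks, domains = parse_blacklist(text)
        if addr is not None:
            # an IP can match an exact entry or fall inside a listed range
            if any(addr.version == n.version and addr in n for n in networks):
                hits.append(source)
        elif name in domains:
            hits.append(source)
    return sorted(hits)

if __name__ == "__main__":
    for item in ("203.0.113.77", "tracker.example.org", "192.0.2.1"):
        print(item, "->", find_sources(item) or "not listed")
```

An address that appears in several lists, or only inside a wide CIDR range, is worth noting during investigation, since a range entry can cover reused addresses such as shared VPS or Tor hosts.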