I'm having a problem with an annoying popup. Here's what Bitdefender said about it.

Answers

  • Suspicious connection blocked

    2 minutes ago

    Feature:

    Online Threat Prevention

    msedge.exe attempted to establish a connection relying on an expired certificate to extensionwebstorebase.edgesv.net. We blocked the connection to keep your data safe since websites must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk.

    Add to except

  • Hello @Goat1 and welcome to the Community!

    This situation is caused by the fact that the website in the notification has an expired certificate.

    If you do not visit the website and you still receive these notifications, then your browser connects to it either through allowed notifications or toolbars/extensions. I suggest that you clear the cache & cookies, remove any unused/unknown extensions and if the issues persist, reset your browser. You can find these steps here:

    https://www.bitdefender.com/consumer/support/answer/2574/

    Alternatively, you can add an exception (if you haven't already) for the website in Bitdefender - Protection - Online Threat Prevention - Manage Exceptions, or, from the same area (Online Threat Prevention) - disable the Encrypted Web Scan feature which scans for the certificates of websites (not a recommended action).

    I hope this helps.

    Best regards.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hello everyone. This happened to me with Opera, and it was annoying.

    I had no way to discover where they were coming from. I removed everything from Opera: bookmarks, extensions, cookies, everything. I even went to regedit looking for the domain that was related to these alerts and removed everything, literally.

    Nothing was fixed.

    Finally, I had to download Wireshark and left it listening to my traffic, placing a filter like 'tcp contains "copanama"', and I found out that there were several attempts over ports 443 and 80 to connect to a website with that copanama in it, and it had an IP address I used for a rule at the firewall.

    I went to the Bitdefender firewall and blocked all traffic to that IP. Right after I blocked it, I got similar alerts from another domain, same alert. I repeated the steps. And finally a THIRD alert with another domain.

    So far, I've put 3 rules and they have worked. I've got no more alerts.

  • Hello @BigUpRush and thank you for sharing your findings and workaround with us!

    Here's more information about the "Suspicious connection blocked" notification:

    There is an ongoing review process for the notifications and our developers are looking for ways to streamline the pop-up messages and warnings, especially the ones that are stealing focus, to further improve the manner in which the product communicates with the user.

    We are making progress with this type of notification, and a proposal to implement a throttling mechanism specific to this type of pop-up from Encrypted Web Scan has recently been pushed forward by the product managers.

    It is essential to continue to log events for each incident, but limit the number of pop-ups that get displayed, regardless of what's being blocked. The actual problem, as reported by many users, is that these notifications interrupt user activity and steal focus by being too frequent, since a pop-up is triggered for every dangerous connection attempt, which can happen continuously.

    I have brought this to the attention of our developers and provided countless detailed examples from the community. This is now being addressed with high priority and I trust they will find a suitable solution in a timely manner.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user