Suspicious connection vs malicious URL
For a same detection, I have found the notifications on the right saying "malicious URL" and "Malware", but the Threats blocked saying "suspicious connection" and "unmatching certificate".
They are two different kinds of threats, are they not?
Comments
-
Hello @Hung Do,
It is possible that the link has both of them. The page can hide malicious content and the “Suspicious connection blocked” notification is triggered by Bitdefender’s Online Threat Prevention module whenever there is an attempt to access an HTTPS domain that has security certificate issues. Unlike HTTP (Hypertext Transfer Protocol), HTTPS (safer HTTP Secure standard, HTTPS) is encrypted using Transport Layer Security (TLS), securing communications between your computer and the websites you visit.
HTTPS is indicated by the small lock symbol that appears in front of the address line whenever you visit a website. The padlock usually means the site has a valid HTTPS certificate, the site domain is verified to match the name on the certificate, and the connection to the website is encrypted. In other words, the information exchanged between you and that domain is not in clear text, but encrypted.
Unsafe domains are external links to websites that do not have a security certificate issued by a trusted certificate authority, have an unmatching or expired security certificate, and could contain phishing, malware, or unwanted software.
So in this case, both detections appear to be correct.
Regards
Premium Security & Bitdefender Endpoint Security Tools user
3 -
Thanks for your reply.
If it is the case, I am wondering should the "Threats blocked" session (on the left) also include the information in the "Notifications" session.
Just my 2 cents suggestion.
1
