When HTTPS scanning is enabled in a client's Avast antivirus software (on a Windows machine) and they try to access the site, they get the messages below and the site doesn't load. If I turn HTTPS scanning off, the site loads without issue.
From Google Chrome:
This site can’t be reached The connection was reset. Try: Checking the connection Checking the proxy and the firewall Running Windows Network Diagnostics ERR_CONNECTION_RESET
From IE:
This page can’t be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to [site here] again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
Avast Antivirus Pop Up
We've safely aborted connection on [site here] because it was infected with URL:Mal.
What are some things on a site that could be meeting Avast's criteria for malware and causing it to show these messages on the browsers?
Troubleshooting I've done
- I checked all pages and removed any links that do not start with https
- I've entered the site in google's safe status and malware page to check for any malware and it doesn't find any.
- Contacted Avast: their recommendation was to ask each client to add the site to their exclusion list. I may not know a potential client or have contact with them to be able to ask them to add the site to their exclusions list -- I would rather remove whatever is tripping Avast.
Additional information
- SSL on the site is active
- Domain is managed by Squarespace and active (paid for)
- There is also a built-in domain that never expires
No comments:
Post a Comment