Blocked threat information

[d0x]

A seperate "log" needs to be added for blocked threats. I recently noticed that in the last week or so it blocked 2 threats which is good..BUT

I have no idea what the threat was, where it came from, when it happened etc. Was it an app trying to do something? Was it from my browser?

The reason we need to be able to access this information is simple. So we can avoid it in the future. I could very well visit the same site or even still have the app installed but i cant tell. What if it is an app trying to contact a c&c server to download something or use my device as a ddos bot and next time adguard doesnt have the server its using in its block list? More and more android malware is being delivered this way, apps downloading files outside the store. Usually they wait until the app has a ton of downloads then update the app with a simple change that allows it to download a malicious payload.

It cant be that difficult to log the info to its own seperate log file. If it triggers a counter then there is already code in place... it just needs to be slightly expanded so instead of just adding 1 to the number on the main screen it also gets a log entry that is seperate from the normal log and it has to be seperate because nobody watches the log all day and you cant tell a blocked ad from a threat.

Please add this... it would enhance the users ability to protect themselves and the actual coding work required to implement it should be minimal.

 

[d0x]

Nobody likes this one huh? Weird

 

[Gray.Fox]

Maybe a separate page with details on what was blocked, where it came from, VirusTotal or similar scan if exists in their database.

I like the idea and it'll informs us.

 

[TimTheFirst]

I think that would be great too!

 

[ag_bug_finder]

Yes, I also would like to see such a log/view available.
Thanks.

 

[BobbyPhoenix]

I'm bumping this because I had AdGuard have a notification that there was an update, and when I opened it, the stats at the bottom said 2 blocked threats. This showed on both my machines. What 2 threats? How bad are they? Where did they come from? I couldn't find any stats/history to see these. It's great that they were blocked, but without knowing what they were can we be sure they were real, or maybe false positive? No one knows.....

EDIT - I Found another thread with a basic explanation here: https://forum.adguard.com/index.php?threads/threats-blocked.40628/

In case someone else stumbles on this thread.

I sent an email and the reply was this from their email back to me. And I am satisfied with their explanation:

"Under the "threats" definition we mean promo pop-ups, possibly malicious connections to untrustworthy sources and some types of ads.
We still work under development of more detailed report of what is being blocked, but for now the statistics you see is the only option."

 

[d0x]

I'm bumping this because I had AdGuard have a notification that there was an update, and when I opened it, the stats at the bottom said 2 blocked threats. This showed on both my machines. What 2 threats? How bad are they? Where did they come from? I couldn't find any stats/history to see these. It's great that they were blocked, but without knowing what they were can we be sure they were real, or maybe false positive? No one knows.....

My point exactly. How do you avoid some threat if you have no record of what it was

I never understood why they could say a threat was blocked by not also record what it was. The best you can do is get a date but that's really not helpful.

 

[BlinderTu22]

Could be great, it'd be useful as to know what to avoid in the future. Plus, it'd be easier to distinguish actual threats from false alerts.

 

[QDLbGtNgOfj3e6kUCF77]

Has this being implemente yet?

 

[d0x]

Has this being implemente yet?

Unfortunately no and I don't believe there are any plans to ever do so but I REALLY wish there were.

Just a couple days ago I opened Adguard to backup settings before I installed the lastest nightly build and I saw that 2 threats had been blocked earlier that day... But I hadn't gone to any sites that would be dangerous so I have no idea what I did that put me at risk and I'd really like to have that info so I can better avoid it.

 

[QDLbGtNgOfj3e6kUCF77]

Yesterday I had 26 blocked threats. Still have no idea what they were.

Isn't it possible to find so analysing the filter log?

 

[d0x]

Yesterday I had 26 blocked threats. Still have no idea what they were.

Isn't it possible to find so analysing the filter log?

26!? Jesus... I get maybe 6-10 a year.

No it's not possible to use identify them via the log. Even though what was blocked is in the log it also isn't highlighted as a threat. It just appears the same as anything else blocked.

I've been on the crusade of getting this feature added for like 4 years at this point. I don't think it's ever gonna happen... although I don't understand why since the app obviously knows it blocked a threat so I don't get why it can't be put in a list all by itself.

 

[QDLbGtNgOfj3e6kUCF77]

Yeah. It's almost a deal breaker failure. Out of all protections, Threats are the most dangerous, and not knowing where they come from is ridiculous.

Why so many protection features if the most relevant and impactful one is impossible to trace bake and take the precautions so it doesn't happen again?

Quiet frustrating.

 

[d0x]

While I agree it's unfortunate that they won't add what seems like something simple there's still no way I'd use an adguard alternative. None of them come even close in terms of quality or getting issues fixed let alone how many features there are like being able to make user scripts like a grease monkey extension.

 

[QDLbGtNgOfj3e6kUCF77]

While I agree it's unfortunate that they won't add what seems like something simple there's still no way I'd use an AdGuard alternative. None of them come even close in terms of quality or getting issues fixed let alone how many features there are like being able to make user scripts like a grease monkey extension.

Agreed but that's such an important, feature, I can't understand how they would leave it out.


It's most likely something deep-rooted into their programming structure (that happens), or otherwise it would be helpful if wanna of them came here and explained the reason or even if they have the plans to do it.

 

[d0x]

Agreed but that's such an important, feature, I can't understand how they would leave it out.


It's most likely something deep-rooted into their programming structure (that happens), or otherwise it would be helpful if wanna of them came here and explained the reason or even if they have the plans to do it.

I don't disagree

 

[Jayman007]

Yes, I very much wish I could identify the source of these blocked threats.

 

[AsciiAntics]

Any update?