X
Tap here to go to the mobile version of the site.

Support Forum

Recently started to delete downloads claiming 'virus or spyware'.

Posted

Last two days, some of the download have been started to be deleted by saying that 'Blocked: may contain virus or spyware' error message, at download window. The subject downloads are .pdf files, or partial .rar files. This is a new development. Never happened before. I am looking a way to get rid of this recent behavior.

Last two days, some of the download have been started to be deleted by saying that 'Blocked: may contain virus or spyware' error message, at download window. The subject downloads are .pdf files, or partial .rar files. This is a new development. Never happened before. I am looking a way to get rid of this recent behavior.

Chosen solution

Hi FredMcD, I think it's the feature discussed in this thread, screen shot in the second-to-last post: False positive on docx from facebook.

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape "9.4.0"
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 10.67.2 for Mozilla browsers
  • Shockwave Flash 15.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0

More Information

jscher2000
  • Top 10 Contributor
6742 solutions 55106 answers

Helpful Reply

Firefox uses data from Google's "Safe Browsing" project to assess the reputation of websites and downloads. Every so often Google changes the data it supplies, for example, it may be flagging potentially unwanted programs in addition to actual malware.

For the future, the developers are considering an option to override the block and get the file anyway. It probably will be at least a few months before that appears because security-sensitive changes take time to design.

For now, if you think these file blocks are "false positives" and that the files actually are safe, you could do one of the following:

(1) Download the file using a different browser (yikes)

(2) Download the file using a downloader add-on that bypasses this security check. I heard about this in another thread but haven't tried it myself (and also, I don't know which add-ons to trust for this!).

(3) Disable the Safe Browsing feature temporarily to get the file, then turn it back on. There is a checkbox in the Options dialog:

"3-bar" menu button (or Tools menu) > Options > Advanced

On the Security tab, it's the "Block reported attack sites" checkbox. The other checkbox relates to phishing sites and I don't think it affects downloads.

Sorry I don't have a better suggestion at the moment.

Firefox uses data from Google's "Safe Browsing" project to assess the reputation of websites and downloads. Every so often Google changes the data it supplies, for example, it may be flagging potentially unwanted programs in addition to actual malware. For the future, the developers are considering an option to override the block and get the file anyway. It probably will be at least a few months before that appears because security-sensitive changes take time to design. For now, if you think these file blocks are "false positives" and that the files actually are safe, you could do one of the following: (1) Download the file using a different browser (yikes) (2) Download the file using a downloader add-on that bypasses this security check. I heard about this in another thread but haven't tried it myself (and also, I don't know which add-ons to trust for this!). (3) Disable the Safe Browsing feature ''temporarily'' to get the file, then turn it back on. There is a checkbox in the Options dialog: "3-bar" menu button (or Tools menu) > Options > Advanced On the Security tab, it's the "Block reported attack sites" checkbox. The other checkbox relates to phishing sites and I don't think it affects downloads. Sorry I don't have a better suggestion at the moment.
FredMcD
  • Top 10 Contributor
3227 solutions 43528 answers

Are you using any download managers? Mine has a setting asking to scan files after downloading. Check if you have this. Example;

extensions.downloadbar.automaticviruscan;false

What is it that is removing these files? Firefox, or your anti-virus?

Are you using any download managers? Mine has a setting asking to scan files after downloading. Check if you have this. Example; extensions.downloadbar.automaticviruscan;false What is it that is removing these files? Firefox, or your anti-virus?
jscher2000
  • Top 10 Contributor
6742 solutions 55106 answers

Chosen Solution

Hi FredMcD, I think it's the feature discussed in this thread, screen shot in the second-to-last post: False positive on docx from facebook.

Hi FredMcD, I think it's the feature discussed in this thread, screen shot in the second-to-last post: [https://support.mozilla.org/questions/1048742 False positive on docx from facebook].

Question owner

mebatur said

Last two days, some of the download have been started to be deleted by saying that 'Blocked: may contain virus or spyware' error message, at download window. The subject downloads are .pdf files, or partial .rar files. This is a new development. Never happened before. I am looking a way to get rid of this recent behavior.

THANK YOU for all your replies. I have ticked out the 'Block reported attack sites' and the 'Block reported web forgeries' check boxes. I do not know whether this will help, since it has started out of blue by itself, without me making any configuration changes. I am using Chrome now, without any problems. Thank you again.

''mebatur [[#question-1049744|said]]'' <blockquote> Last two days, some of the download have been started to be deleted by saying that 'Blocked: may contain virus or spyware' error message, at download window. The subject downloads are .pdf files, or partial .rar files. This is a new development. Never happened before. I am looking a way to get rid of this recent behavior. </blockquote> THANK YOU for all your replies. I have ticked out the 'Block reported attack sites' and the 'Block reported web forgeries' check boxes. I do not know whether this will help, since it has started out of blue by itself, without me making any configuration changes. I am using Chrome now, without any problems. Thank you again.
jscher2000
  • Top 10 Contributor
6742 solutions 55106 answers

Hi mebatur, just to be clear, I only suggested unchecking the box when you know you need to to get a trusted file but keeping it checked at other times. Otherwise, you expose yourself to unwanted sites and downloads.

Hi mebatur, just to be clear, I only suggested unchecking the box when you know you need to to get a trusted file but keeping it checked at other times. Otherwise, you expose yourself to unwanted sites and downloads.
itekweni 0 solutions 4 answers

Please help....My problem started last night as during the day I downloaded from same site and there was no problem I have not altered any changes to Firefox except updating on Friday to 36.0.1. This is annoying as downloading with the dreaded IE I did not have the problem the files stopped by Firefox was downloaded by IE , I even disabled my antivirus with no effect and have now tried your suggestion about unchecking ...blocked reported attack sites and it works I can down load again so is there no other work around besides unchecking that box...thanks in advance

Please help....My problem started last night as during the day I downloaded from same site and there was no problem I have not altered any changes to Firefox except updating on Friday to 36.0.1. This is annoying as downloading with the dreaded IE I did not have the problem the files stopped by Firefox was downloaded by IE , I even disabled my antivirus with no effect and have now tried your suggestion about unchecking ...blocked reported attack sites and it works I can down load again so is there no other work around besides unchecking that box...thanks in advance

Modified by itekweni

Helpful Reply

I had the same problem.

The probable reason for that annoying behavior: Firefox updates allegedly malicious sites' data to the users' browsers (without asking first, and/or back recovery alternative). Data is supplied by Google.

How I get around it: Tools -> Options -> Security tab -> Uncheck the tick boxes 'Block reported attack sites' and 'Block reported web forgeries'. Use Chrome until you are sure You get rid of this annoyance.

These allegedly 'security measures' are useless (since I had several highjacking, while they were on), and I had to clean the mess manually. They only work by the data provided by Google, while Chrome browser is working perfectly for the same download address!

Browser designers have not had the decency to provide 'ask first' provision, in case of false positives.

Good luck, cheers.

I had the same problem. The probable reason for that annoying behavior: Firefox updates allegedly malicious sites' data to the users' browsers (without asking first, and/or back recovery alternative). Data is supplied by Google. How I get around it: Tools -> Options -> Security tab -> Uncheck the tick boxes 'Block reported attack sites' and 'Block reported web forgeries'. Use Chrome until you are sure You get rid of this annoyance. These allegedly 'security measures' are useless (since I had several highjacking, while they were on), and I had to clean the mess manually. They only work by the data provided by Google, while Chrome browser is working perfectly for the same download address! Browser designers have not had the decency to provide 'ask first' provision, in case of false positives. Good luck, cheers.
itekweni 0 solutions 4 answers

Thanks for your response looks like I might have to migrate away from firefox as they becoming too fancy..I already have Kasperskey and Malwarebytes installed on my pc so do not need a browser to supply these for me...thanks again for response

Thanks for your response looks like I might have to migrate away from firefox as they becoming too fancy..I already have Kasperskey and Malwarebytes installed on my pc so do not need a browser to supply these for me...thanks again for response
FredMcD
  • Top 10 Contributor
3227 solutions 43528 answers

mebatur said

How I get around it: Tools -> Options -> Security tab -> Uncheck the tick boxes 'Block reported attack sites' and 'Block reported web forgeries'.

This is very dangerous. Please leave these turned on.

There are a number of web sites that can lock any browser that lands on them. This add-on can stop such pages; disallow Script Button {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

''mebatur [[#answer-700776|said]]'' <blockquote> How I get around it: Tools -> Options -> Security tab -> Uncheck the tick boxes 'Block reported attack sites' and 'Block reported web forgeries'. </blockquote> This is very dangerous. Please leave these turned on. There are a number of web sites that can lock any browser that lands on them. This add-on can stop such pages; '''[https://addons.mozilla.org/en-US/firefox/addon/disallow-script-button/ disallow Script Button]''' {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

Modified by FredMcD

itekweni 0 solutions 4 answers

mebatur Thank you for the input and I have added the disallow script button and I only use the unchecked " block attack sites" when downloading from a secure site which for some reason fro last night firefox has started to block my downloads and once I have finished downloading I check it again so as to be able to surf safe.

mebatur Thank you for the input and I have added the disallow script button and I only use the unchecked " block attack sites" when downloading from a secure site which for some reason fro last night firefox has started to block my downloads and once I have finished downloading I check it again so as to be able to surf safe.
ultimitloozer 0 solutions 14 answers

If this is being done based on the URL, why is the browser even downloading the file when it is only going to delete it when it is done? That is just ... stupid. Pop up a message saying it won't download it because [insert whatever inane reason here] and/or give the user the option to override it. After all, this video clip I am after is from a trusted source and is a video. Period.

If this is being done based on the URL, why is the browser even downloading the file when it is only going to delete it when it is done? That is just ... <!--fucking-- flagged so edited ~J99 --> stupid. Pop up a message saying it won't download it because [insert whatever inane reason here] and/or give the user the option to override it. After all, this video clip I am after is from a trusted source and is a video. Period.

Modified by John99

cor-el
  • Top 10 Contributor
  • Moderator
15694 solutions 141917 answers
See also: *http://www.ghacks.net/2014/11/19/bypass-firefoxs-blocked-may-contain-a-virus-or-spyware-message/
glaliot 0 solutions 2 answers

I have the same problem. New in the last 3 days. Sometimes, it clears after a few hours.

Being no expert, I don't have a solution. But analytically, I could also easily believe that a security feature is being purposefully misused through (or even by) Google etc. for censure or "copyright protection" or whatever...

In any case, this being totally new, someone has done something wrong in the chain in the last few days, probably inserted an ill-designed rule.

I have the same problem. New in the last 3 days. Sometimes, it clears after a few hours. Being no expert, I don't have a solution. But analytically, I could also easily believe that a security feature is being purposefully misused through (or even by) Google etc. for censure or "copyright protection" or whatever... In any case, this being totally new, someone has done something wrong in the chain in the last few days, probably inserted an ill-designed rule.
glaliot 0 solutions 2 answers

Cor-el provided the perfect link to ghacks.net. Very complete and accurate explanation for idiots like me.

The easy solution is indeed to untick the two Block boxes in options> security and refrain from general browsing while downloading the problem files. Then reactivate blocking. Thank you cor-el, and indirectly ghacks!

Cor-el provided the perfect link to ghacks.net. Very complete and accurate explanation for idiots like me. The easy solution is indeed to untick the two Block boxes in options> security and refrain from general browsing while downloading the problem files. Then reactivate blocking. Thank you cor-el, and indirectly ghacks!
FredMcD
  • Top 10 Contributor
3227 solutions 43528 answers

That was very good work. Well Done. Please flag your last post as Solved Problem so other will know.

That was very good work. Well Done. Please flag your last post as '''Solved Problem''' so other will know.
Rich Pasco 1 solutions 35 answers

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.

I have this problem when downloading zip files from a cloud file storage site (e.g. uploaded.net). The zip files I am downloading contain only non-executable content (e.g. text files, jpg images) and were uploaded by a trusted source. Apparently, some hacker(s) post(ed) malicious executable content elsewhere on the same cloud storage site, thus giving the entire site a bad name. For Firefox to block all ZIP files from that site because of that is short-sighted and just plain wrong.