Antivirus Troubleshoot - Booking Engine Block

In rare cases, antivirus vendors may classify your domain as malware or as suspected phishing. Subdomains, for example booking.yourdomain.com, are then treated the same way. Most of these classifications are false positives caused by the machine learning algorithms that AV vendors use.

Here is some information on how you can solve the problem.

What is a false-positive?

A false positive, sometimes written as f/p, is an expression commonly used in cybersecurity to denote that a file, domain or setting has been flagged as malicious when it is not.

In statistics, false positives are called Type I errors, because a check for a particular condition wrongly gives an affirmative (positive) decision. The opposite is a false negative, or Type II error, where a check wrongly concludes that a particular condition is not true when, in fact, it is. In this blog post, we will focus on false positives in cybersecurity, but note that false negatives in this field are commonly referred to as "misses": malicious files or malicious behavior that the scanner or protection software did not detect.

Possible causes of false positives

The most common causes of false positives are:

  • Heuristics: decisions are made on minimal bits of information
  • Behavioral analysis: decisions are made based on behavior, and the legitimate file shows behavior that is usually considered malicious
  • Machine learning: sometimes we see the effects of "garbage in, garbage out," or more politely put, "training did not take certain situations into account."

How to check if your domain is affected

Open https://www.virustotal.com/gui/home/url and enter the domain name to check.

VirusTotal does not list every antivirus vendor, but it is a good starting point because most of them work the same way. So if you are listed by Vendor A, which is not covered by VirusTotal, you may also be listed by Vendor B, which VirusTotal does check.

Possible actions

If you have configured your custom domains to point to officialbookings.com, please change them to point to your hotel directly; instructions can be found on the domain configuration page.

Finding where to submit a false-positive report to the right vendor

In most cases a search on Google with the keywords "[Vendor] report false positive" will guide you to the proper page.

Example: The result for Trendmicro

| Vendor | Delisting Page | Notes |
| --- | --- | --- |
| Trendmicro | https://www.trendmicro.com/en_us/about/legal/detection-reevaluation.html | |
| Sophos | https://support.sophos.com/support/s/filesubmission?language=en_US | |
| Kaspersky | https://opentip.kaspersky.com/ | |
| Bitdefender | https://www.bitdefender.de/consumer/support/answer/53382/ | |
| Avast | https://www.avast.com/de-de/false-positive-file-form.php#pc | |
| Norton | https://submit.norton.com/ | |
| TALOS | https://talosintelligence.com/reputation_center/support | CISCO Account Required |
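
An added example (not part of the original article or any vendor's tooling): the check from "How to check if your domain is affected", run over a domain report in the JSON shape returned by the VirusTotal API v3, with each flagging engine paired with its report page from the table above. The sample report is constructed, and matching engine labels to the table's vendor names by substring is an assumption.

```python
import json

# Vendor keyword -> false-positive report page, copied from the table above.
DELISTING_PAGES = {
    "trendmicro": "https://www.trendmicro.com/en_us/about/legal/detection-reevaluation.html",
    "sophos": "https://support.sophos.com/support/s/filesubmission?language=en_US",
    "kaspersky": "https://opentip.kaspersky.com/",
    "bitdefender": "https://www.bitdefender.de/consumer/support/answer/53382/",
    "avast": "https://www.avast.com/de-de/false-positive-file-form.php#pc",
    "norton": "https://submit.norton.com/",
    "talos": "https://talosintelligence.com/reputation_center/support",
}
FLAGGED = {"malicious", "suspicious"}  # verdict categories that need follow-up

def flagged_vendors(report):
    """Return {engine: (category, result)} for engines that flag the domain."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    return {
        engine: (r.get("category"), r.get("result"))
        for engine, r in results.items()
        if r.get("category") in FLAGGED
    }

def report_plan(report):
    """Pair each flagging engine with a delisting page, or None if not in the table."""
    plan = {}
    for engine in sorted(flagged_vendors(report)):
        # Normalise the label so "Trend Micro" and "Trendmicro" both match (assumption).
        key = "".join(ch for ch in engine.lower() if ch.isalnum())
        plan[engine] = next((url for name, url in DELISTING_PAGES.items() if name in key), None)
    return plan

# Constructed sample shaped like a VirusTotal API v3 domain report (not real scan data).
SAMPLE_REPORT = json.loads("""
{"data": {"id": "booking.yourdomain.com", "type": "domain", "attributes": {
  "last_analysis_results": {
    "Sophos":      {"category": "malicious",  "result": "phishing"},
    "Kaspersky":   {"category": "harmless",   "result": "clean"},
    "BitDefender": {"category": "suspicious", "result": "suspicious"},
    "Example AV":  {"category": "malicious",  "result": "malware"},
    "Avast":       {"category": "undetected", "result": "unrated"}
  }}}}
""")

if __name__ == "__main__":
    for engine, url in report_plan(SAMPLE_REPORT).items():
        print(f"{engine}: {url or 'not in table, search: [Vendor] report false positive'}")
```

Run the same function on the report for the bare domain and for each booking subdomain, since a listing on one is treated as a listing on the other.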