A/V blocked connection: app Vivaldi



  • Hi - I browsed to my password management site using Vivaldi and McAfee alerted me that it blocked a connection for me. 1st time this had happened and didn't make any sense. The blocked IP was 52.216.109.133. I did a whois search and got it is an address in a AWS range from 52.216.109.1 to 52.216.109.255. Was vivaldi making some sort of background connection? Is this something I need to worry about? What was this?



  • @joesnowdon Welcome to the Vivaldi Community 🙂

    What's your password management site? Maybe they use AWS and your McAfee thinks mistakenly thinks this is a malicious IP.

    Does it happen using other browsers?

    Vivaldi might make background connections if you've enabled any of the settings under Privacy > Third Party Services, like the phishing and malware protection. However, I'm pretty sure this is only done on the initial startup, to get updated lists.



  • @Pathduck thanks. It has never happened before, and I only just started using Vivaldi as my primary browser cuz I'm loving the multitasking features. I use Abine Blur for my password management, for a couple years now. Not my first view there using Vivaldi, but for some reason McAfee blocked a process that went there as soon as I refreshed this time. That was why I got suspicious - what caused that all of the sudden? I'll check 3rd party services and see if anything is running in the background. Thanks again. I'll report back.

    cheers


  • Moderator

    @joesnowdon said in A/V blocked connection: app Vivaldi:

    52.216.109.133

    Do you use any extension in Vivaldi? Updates of extensions are done in background.
    May be you have some malware (not from Vivaldi) on your PC or a extension communicates to this IP.
    Sometimes web pages create background connections (so called Webworkers, check vivaldi://serviceworker-internals/) to communicate to visitors or show ads.
    May be your password manager uses a Cloud to save or retrieve logins.
    And sometimes the behavioral detection for malware on some security tools is broken and gives false alerts.



  • @joesnowdon said in A/V blocked connection: app Vivaldi:

    Abine Blur

    Well, this company uses AWS for their website so I'd say there's a good change this is the Abine servers. Maybe like said above an extension or some other process on your system makes this connection, and the AV reports it as a false positive.

    but for some reason McAfee blocked a process

    What process made the connection?


  • Ambassador

    @Gwen-Dragon said in A/V blocked connection: app Vivaldi:

    And sometimes the behavioral detection for malware on some security tools is broken and gives false alerts.

    Quite right. Download the VirusTotal extension, I believe from google, and enter the URL. It will show a safety rating.
    Also if you think you need to update Extensions, go to the Extensions page, turn on Developer Mode. You will see an option to Update, update then turn off Developer Mode.
    As said this is usually done in the background and usually is not required,

    2020-03-26 10.34.50 extensions 20ec428d1809 extensions.png



  • @Gwen-Dragon said in A/V blocked connection: app Vivaldi:

    vivaldi://serviceworker-internals/

    I think that it was a false positive, especially if it looks like Abine is using AWS. It is a cloud password manager that is accessible from multiple devices (any desktop I login with, any mobile device, etc.) so that must be the answer. I checked the serviceworker-internals and everthing there I pretty much expect to see, and I have not had the warning again.

    Thanks everyone for all your input and research! I appreciate it!!


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.