False positive : edge.activity.windows.com

Question

False positive : edge.activity.windows.com

tabodo opened this issue 3 years ago · comments

tabodo commented 3 years ago

Behaviour

Steps to reproduce this issue

edge.activity.windows.com is blocked

Expected behaviour

Microsoft Edge
Version 90.0.818.56 (Official build) (64-bit) should Sync Bookmarks, Passwords, History etc between devices

Actual behaviour

Microsoft Edge Version 90.0.818.56 (Official build) (64-bit) FAILS TO SYNC Bookmarks, Passwords, History etc between devices

Rules used

edge.activity.windows.com

Configuration

Country (ex. United-States) :

Operating system (ex. Windows 10 Pro 64 bits) :

Winver screenshot : 20H2

Open a command prompt and type winver then take / save the screenshot of the window and drag the image file in this issue. For example: http://bit.ly/2vA5sxR

tabodo · Answer 1 · Fri May 07 2021 14:13:47 GMT+0800 (China Standard Time)

See https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-endpoints

dnmTX · Answer 2 · Fri May 07 2021 14:25:27 GMT+0800 (China Standard Time)

@tabodo sorry to disappoint but edge.activity.windows.com is not present in any of the lists here.
You're very likely using some additional blocklist whre the domain in question is present. Double check your set up.

tabodo · Answer 3 · Fri May 07 2021 14:52:06 GMT+0800 (China Standard Time)

Thx. I'm using NextDNS. WindowsSpyBlocker is one of several blocklists used. NextDNS reported the URL as blocked by WindowsSpyBlocker list in its logs. If I disable WindowsSpyBlocker list in NexttDNS the URL is not blocked & sync occurs.

Are you absolutely sure about your claim?

dnmTX · Answer 4 · Fri May 07 2021 15:32:57 GMT+0800 (China Standard Time)

NextDns does CNAME(wildcard) blocking and blocks whatever else is connected to it. Which makes very hard to find the culprit.
Probably is for the best if you open a issue in their repo and see if some more knowledgeable user(who's actually using it as i don't) can troubleshoot it for you and post the results here.
On another note,i remember i've read in the past that there should be an option to disable the CNAME blocking altogether so mine as well look into it.

Are you absolutely sure about your claim?

I'm more then positive,the domain in question is not listed here.

On a second note 😃 ....why don't you just whitelist it on your end and be done with it.

tabodo · Answer 5 · Fri May 07 2021 16:05:16 GMT+0800 (China Standard Time)

I did whitelist it immediately of course, but was trying to be helpful in following up the source of the problem.

I have reported a bug to NextDNS after this confirmation that it's not you guys.

Thanks for your input.
Cheers!

dnmTX · Answer 6 · Fri May 07 2021 22:56:39 GMT+0800 (China Standard Time)

Hey @tabodo, I happened to follow up on your BUG REPORT and seeing all that hate and negativity i'll just post here the links of the latest lists so you can check it for yourself and hopefully put your mind at ease:

Spyware: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt

Win Update: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt

Extra: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt

If you see your domain in any of them,let me know and i will sincerely apologize to you.

tabodo · Answer 7 · Sat May 08 2021 06:19:42 GMT+0800 (China Standard Time)

Hey @tabodo, I happened to follow up on your BUG REPORT and seeing all that hate and negativity i'll just post here the links of the latest lists so you can check it for yourself and hopefully put your mind at ease:

Spyware: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt

Win Update: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt

Extra: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt

If you see your domain in any of them, let me know and i will sincerely apologize to you.

Hate and negativity? I reported an issue and attempted to follow up. WTF man?

Thank you for the links to the rules, it saves me time debugging this.

Taking a look at WindowsSpyBlocker rule sets I see 'activity.windows.com' & 'test.activity.windows.com' being blocked which is questionable and may result in NextDNS incorrectly wildcarding 'edge.activity.windows.com'. Fine so far.

Then looking closer at the rules I see they are blocking 'time.windows.com'. Designating an NTP server as "spying and tracking on Windows systems" is not just questionable, it's plain wrong.

My assumption is the rule sets are, either intentionally or by error, not just trying to block "spying and tracking on Windows systems" but including every conceivable URL associated with Windows OS, which breaks functionality for Windows OS users and is frankly completely unnecessary for non Windows systems.

I have removed WindowsSpyBlocker ruleset from our NextDNS config completely as this is clearly not a bug in NextDNS.
Cheers.

CrazyMax · Answer 8 · Sat May 08 2021 06:28:45 GMT+0800 (China Standard Time)

@tabodo

Then looking closer at the rules I see they are blocking 'time.windows.com'. Designating an NTP server as "spying and tracking on Windows systems" is not just questionable, it's plain wrong.

https://crazymax.dev/WindowsSpyBlocker/blocking-rules/#extra-rules