From Newsgroup: alt.comp.software.firefox

When I go to xfinity.com, whether logged in or not, or any of the
submenu choices under the menu names across the top of the screen, I see
the message
______________________________
Suspicious application removed
A suspicious application (US/JS_PACKED.AGENT.W) was
found when Firefox tried to access a web site
(assets.xfinity.com)

This access has been blocked
----------------------------

output by ESET, my AV program. I sent off a question to ESET as to
whether this is a false positive or not. They said "not" and suggested I contact Comcast. Since ESET is not intrusive, I'm curious as to whether
any others are seeing this sort of behavior. I see this behavior on two computers.

Does anybody believe that Comcast is unaware of this problem and, if so,
how one could actually contact them?
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Jeff Barnett wrote:

When I go to xfinity.com [...] I see the message
Suspicious application removed

I don't see any weird messages here, windows 11 without any 3rd party
A/V, but UBO and Ghostery add-ons in firefox

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Jeff Barnett wrote:

When I go to xfinity.com, whether logged in or not, or any of the
submenu choices under the menu names across the top of the screen, I see
the message

I don't see that; but I get 'all kinds of' different msg/s depending on whether I try to access w/ a browser or w/ wget or curl.

I'm not an xfinity customer; so I'm browser redirected to a page
/national that tries to sign me up. https://www.xfinity.com/national/

OTOH if I work it w/ wget, the redirection doesn't work and I get
failure; similarly curl.

wget
Resolving www.xfinity.com (www.xfinity.com)... 23.7.135.151, 2600:1406:4c00:18f::2af2, 2600:1406:4c00:1a5::2af2
Connecting to www.xfinity.com (www.xfinity.com)|23.7.135.151|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2026-02-16 13:21:35 ERROR 403: Forbidden.

curl
$ curl https://www.xfinity.com
<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>

You don't have permission to access "http&#58;&#47;&#47;www&#46;xfinity&#46;com&#47;" on this server.<P> Reference&#32;&#35;18&#46;f1a5dc17&#46;1771276948&#46;b533d73 <P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;18&#46;f1a5dc17&#46;1771276948&#46;b533d73</P>
</BODY>
</HTML>

Of course, if I use wget on the 'sales' page, it will give me that, ie
it dl/s index.html.

If I use curl on the sales page, it will fill my terminal w/ the index.
--
Mike Easter
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Jeff Barnett wrote:

When I go to xfinity.com, whether logged in or not, or any of the
submenu choices under the menu names across the top of the screen, I
see the message

Oh, I get it.

US/JS_PACKED.AGENT.W

What is going on is that your Ffx is enhanced w/ ESET security, which
doesn't like the .js gambit that your provider likes.

https://forum.eset.com/topic/47582-jspackedagentw-detection-on-1337xto/

That is someone getting that ESET .js agent security block when trying
to access a l337/leet torrent site.

I started getting Threat: JS/Packed.Agent.W suspicious application
page when trying to open posted torrents.

That link describes how to mitigate the ESET problem.
--
Mike Easter
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Jeff Barnett wrote:

Does anybody believe that Comcast is unaware of this problem and, if so,
how one could actually contact them?

You can fix/mitigate the 'problem' yourself. It is a matter of trusting
your provider, not 'fixing' an 'oversecure' report.
--
Mike Easter
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Mike Easter wrote:

Oh, I get it.

That ESET forum discussion is informative.

It is a matter of 'philosophy' conflict. xfinity thinks it is just fine
to run the .js gambit on its customers to pop up an ad. ESET security
doesn't think that is just fine at all, so it blocks the access to the
page and *site*. That is a pretty big conflict in philosophies; ESET is 'saying' "we don't think you should be doing that at all" and xfinity is saying, "we'll run whatever ad pop-up scripts we want to."
--
Mike Easter
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On Mon, 16 Feb 2026 13:30:54 -0800, Mike Easter wrote:

wget
Resolving www.xfinity.com (www.xfinity.com)... 23.7.135.151, 2600:1406:4c00:18f::2af2, 2600:1406:4c00:1a5::2af2
Connecting to www.xfinity.com (www.xfinity.com)|23.7.135.151|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2026-02-16 13:21:35 ERROR 403: Forbidden.

ItrCOs a user-agent-checking thing. Try this version:

wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46" -O - 'https://www.xfinity.com'
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On 2/16/2026 2:16 PM, Andy Burns wrote:

Jeff Barnett wrote:

When I go to xfinity.com [...] I see the message Suspicious
application removed

I don't see any weird messages here, windows 11 without any 3rd party
A/V, but UBO and Ghostery add-ons in firefox

What are the two 3rd party A/V items? Would they detect what I'm seeing
if it were really there?
--
Jeff Barnett

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

On 2/16/2026 4:41 PM, Lawrence DrCOOliveiro wrote:

On Mon, 16 Feb 2026 13:30:54 -0800, Mike Easter wrote:

wget
Resolving www.xfinity.com (www.xfinity.com)... 23.7.135.151,
2600:1406:4c00:18f::2af2, 2600:1406:4c00:1a5::2af2
Connecting to www.xfinity.com (www.xfinity.com)|23.7.135.151|:443...
connected.
HTTP request sent, awaiting response... 403 Forbidden
2026-02-16 13:21:35 ERROR 403: Forbidden.

ItrCOs a user-agent-checking thing. Try this version:

wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46" -O - 'https://www.xfinity.com'

I tried clicking near the end of the above line and the page loads
without ESET intervention. Please explain what the head of that line is
doing and whether it is "safe". If so what should I do on a Windows 11
machine so FF & ESET discontinue the behavior?
--
Jeff Barnett

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

https://manpages.debian.org/wget(1)#user

https://manpages.debian.org/trixie/wget/wget.1.en.html#user

On Mon, 16 Feb 2026 22:33:06 -0700, Jeff Barnett wrote:

Please explain what the head of that line is doing and whether it is
"safe".

Of course I canrCOt guarantee that you are using the rCLsaferCY version of wget, like I am. If it is rCLsaferCY, it should do what is described here <https://manpages.debian.org/wget(1)#user>.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: alt.comp.software.firefox

Jeff Barnett wrote:

If so what should I do on a Windows 11 machine so FF & ESET discontinue
the behavior?

You can rig your ESET to OK xfinity site, ie allow what it wants to
block. That would mean that your philosophy sides w/ xfinity; you might
say that the ESET 'policy' is against what xfinity wants to do.

The 'safety' aspect is not considered in such a judgment.

See my earlier link to the eset forum discussion: https://forum.eset.com/topic/47582-jspackedagentw-detection-on-1337xto/

It has ESET screenshots for fixing.
--
Mike Easter
--- Synchronet 3.21b-Linux NewsLink 1.2