Security risk reported by Kaspersky

[alexsolar33]

I have received this email from Microsoft Community, and there is security risk with your plugin Autoptimize according to Microsoft and according to Kaspersky database: They tell me the following: "...the problem is with one of the plugins that you are using "autoptimize". I use the Kaspersky antivirus and your website was blocked by Smart Defender because the "autoptimize" plugin is in Kaspersky databases as a "Threat of data loss". You will need to check if your plugins are updated or find another plugin to replace the "autoptimize", until you fix this your website will be blocked and red-flagged by all antivirus with web protection." I do not want to replace autoptimize by another plugin, and I have checked that I have the latest version 3.1.7

[futtta]

There was a security issue in 3.1.6 which was addressed in 3.1.7, I am totally unaware of an issue in the current version though. Did they provide links to a page with more info on the suspected vulnerability?

[alexsolar33]

They have provided this image link with further details
https://filestore.community.support.microsoft.com/api/images/12ab4b11-8d96-4632-b51d-cd27f98cab52?upload=true&fud_access=wJJIheezUklbAN2ppeDns8cDNpYs3nCYjgitr%2bfFBh2dqlqMuW7np3F6Utp%2fKMltnRRYFtVjOMO5tpbpW9UyRAwvLeec5emAPixgq9ta07Dgnp2aq5eJbnfd%2fU3qhn54FsQRFDbzjhULxwMZH9%2fN6OSlORWZ64661nGnUdQBNpTeFsHNHdlifF3uJ6K54%2bS%2fzNHio2ifYja8ufN7bd%2bHJBbbDLlzWVgGdwXeeq1HuplA%2bLBoToOgE8IuCBe97HDOcCoMEcE7EsDz8EA3BI0NTbw%2b6as38R5oDLVkVg1VL8Ca1DfQqph35TEcs%2bs99Fm1yP5l59oLnIc%2bzy1CwzFo84DhT%2fsHbX1C2YB6G5M43zOr9RkNg%2b94KkBkrrU9k4Lqn%2fRZFp6sH5q1nZ0pXLXEmIjdSDc4ZVSARzsl%2fuBhanI%3d

Also this is the link were I have published my claim to the Microsoft Community
https://answers.microsoft.com/en-us/microsoftedge/forum/msedge_issue-msedge_win11/my-website-wwwmaslenovoes-has-been-blacklisted-by/d2aa755c-586c-486f-95e7-b8ca254a00f3?messageId=74626145-e970-47c8-8188-83313a7cae67

[alexsolar33]

Did you have the opportunity to take a look at these links ?

[futtta]

no, had not seen them yet; github does not send notifications when a reply is updated, only on new replies, hence I was blissfully unaware ;-)

the first link shows that no only autoptimize files are blocked, but also files did not touch (e.g. jquery.min.js), which at least indicates the problem is not autoptimize as such

the 2nd link is merely one guys' opinion and does not share proof that the problem indeed is due to AO and how AO would be a problem.

so based on this info there is no proof of a problem with the latest version of AO.

[alexsolar33]

The problem was a false positive provoked by Kaspersky database. After installing Kasperky premium 2023, and using its different tools for Internet Security, first it detected the alert in the Google search results. But after around 20 minuts all alerts have dissapear.

There are no threats or security risks with Autopmize plugin. Addittionally, as I have a multisite Wordpress, I could checked that my other websites with the same installation and plugins do not have any alert from Kaspersky and Microsoft Defender.

Currently, the Kasperksky Support team has confirmed is a false-positive and they are working to prevent this to happen again in the future.

[futtta]

thanks for the feedback alexsolar33 :)