Bot Protection marks Samsung Internet as malicious
We have discovered that after Samsungs latest upgrade of the built in "Internet" (Samsung Internet Browser) 184.108.40.206, the bot protection both in transparent and blocking mode adds the cookie who is responsible for marking the device as malicious.
When logging, we can see that first visit it is just a regular device. No bot, no malicious activity and so on. Next refresh of the site will immediately make a Connection Reset. Dumping pcap shows that handshake is done and Application data begins then it stops.
With that said. If you remove this cookie, everything works fine again. It is a TS****** with a expire date seven weekdays of the first visit. Then you need to clear cache and cookies on the device to get it to happen again.
We are still looking for a solution, adding the browsers user agent will not fix the issue for us.
Hope that this will help anybody in our seat looking for a solution. I will keep you updated if we find anything that will solve the issue,