Vikram -
Thank you for your instructions. Is there no way to exclude the one remote IP only?
Thomas -
The site is ncsasports.org.
Safe Web says it's safe. The three community reviews have the tone of others having trouble as well.
iofractal -
The site allows users to upload content, including profile pictures. I'm guessing some user uploaded an executable as their profile pic.
All -
Thinking outloud here, mostly: what is best practice in this case? I don't want to exclude protection from this type of threat, but the site is legit and users need access; it's the socially contributed content that appears to be the threat.