MalwareBytes Question

In the MBAM Pro version, it apparently blocks hostile websites.

Here is an example of a log:

08:03:47 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57612, Process: firefox.exe)
08:04:27 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57646, Process: firefox.exe)
08:13:32 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57762, Process: firefox.exe)
08:13:32 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57763, Process: firefox.exe)
08:17:08 Frank IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 57808, Process: firefox.exe)

=============

... so is this like DNS filtering?

I also use Norton DNS. Did MBAM just filter it out first? Am I getting double filtering, or does MBAM block IP's in a different way?

Basically, I don't get it.

I visited malwarebytes website, but it had no info (that I saw) on this capability.

Overall -- I like what I see in MBAM. Seems to test well, blocks bad sites in real-world use, and the product keeps evolving.


-FTP

 

It blocks IPs, while DNS blocks addresses. A DNS server works on almost any machine (routers included), while Malwarebytes only works on a Windows one. Not similar at all. More like a blacklist firewall.

Not sure about which filters it out first, but there are no incompatibilities.

 

Norton shouldn't reply with an IP address if it is on their blacklist, so norton must've thought the website was ok and resolved the web address to the IP address and then it was blocked by MBAM.

Norton should've blocked it first if it was on their blacklist.

Fuzzy

 

Its very good at stopping script malware. So it basically stop the website from putting malicious code on your pc. Almost like what no script does but only 10000000000 times better

 

Need pr0n?
► http://www.onthesamehost.com/?q=78.140.143.49

Whatever what is blocked, some kind of webbugs - no regular site
has them built-in. are you visiting illegal sites or some strange hosters
or xxx-sites? (some minor private sites earning money with such crap)

if not - any ad-blocker may help!

 

Outgoing ports of firefox?

 

lol

As Brummelchen pointed out, MBAM will block either connections to various pr0n sites (for example), or those connections you listed, they can be ads loading from various sites MBAM is blocking while the site you're on isn't malicious (eg. games sites with adult ads/links for example).

I noticed when using utorrent for example, MBAM will be blocking various connections. Either way, does a great job.

MBAM's ip blocking, I find personally, is quicker and lighter than other programs using web scanning technology. End of the day, you want the site blocked with no fuss.

 

Thank you for the responses.

I'm still trying to understand this...

From Wiki:

A DNSBL (DNS-based Blackhole List, Block List, or Blacklist; see below) is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.​

So Norton DNS is ultimately blocking IP addresses, right?

Is MBAM doing the same thing?

Norton DNS redirected my net traffic through its server. Does MBAM do anything like this?

And how close are any of these activities to what SpywareBlaster does?

With an AV, MBAM, Norton DNS, WinPatrol Plus, and Windows Defender, is there any purpose for SpywareBlaster?

And does Windows Defender even count for much anymore? I remember Windows Defender in its previous life when it was a very nice little product.

 

Norton does a DNS redirect whereas MBAM has an locally stored IP list of known malware sites that is updated with the definitions as needed. You can select to ignore the IP block if you wish.

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100&#entry162100

 

spyware blaster protects your system settings to be changed and provides a backup of it if anything happens. A thing you can do is use Spybot S&D and adds its list to your host file and use the immuninizer.
Also make sure Adobe reader and the writer as updated to latest version. Java remove all the old version. Do not leave the old versions on your pc it will render the latest patches useless.

 

@Spooony: Script malware is only one part of what it can stop, but saying it's far greater than NoScript is false. A whitelist is always stronger than a blacklist unless you make many mistakes creating rules.
Outgoing means Firefox is trying to connect to those websites, not the other way around.

@Frank the Perv: It doesn't affect IP addresses. For example compare these two same pages: http://setup.nortondns.com and http://198.153.194.6/
Once again, MBAM isn't similar at all. It can block IPs though.
No, it simply blocks the connection using a local blacklist.
Not close, SpywareBlaster adds blacklists onto your browser settings. The end effect is similar though.
If you have Internet Explorer, there might be a purpose. If not, no (only blocks cookies in Firefox, no support for other browsers).
With an AV and MBAM running in real-time, Windows Defender is unnecessary.

 

that's why I asked outgoing?
Depends on what white list your talking about?

 

What do you mean by outgoing then? Don't be vague if you want answers.
NoScript uses a whitelist obviously. It disables the scripts unless you allow the website. What other whitelists are there discussed on this thread?

 

Opening post of the OP it shows Type outgoing.
no script you have to create a white list. Malware creators use sites like you-tube to infect people. That place is full of links to rats etc etc. Can you use no-script on you-tube?

 

Yes, of course. You have to whitelist youtube to watch videos. Same applies to fake sites, except you don't have rules for them due to different domain.

 

yes I know but what's the common thing a person does when on a site like you-tube and no-script block something. They let it run. Don't think avg doesn't even know he have to start with his own white list rather than keep on picking the defaults. I once had a link that WOT blocked and no-script blocked. So I ignored WOT let it go with no-script and here starts a antivirus scanning the folder with like something 80 trojans found in a empty folder lol
But if http headers live is good one to use with no script. you can see the requests coming in and out.

OP that ip belong to ~ Domain Name Removed ~ The site has been flagged bad. So it was trying to call home. If you were browsing a social site or a site no where near that place (I hope so) then run a malware scan with malware bytes and do a online scan from any of the av products online scanners to see if there isn't something still hiding on your pc

 

MBAM blocked that first. You're not allowed to post malicious sites by the way. I already have enough scanners.

 

.Eh? That was the site mbam blocked the outgoing attempt of the OP. That was for him not you lol
Do a look up of that ip because adds do the same sometimes. Think that was no add lol