Outbound Connection Blocked by Malwarebytes

Discussion in 'privacy problems' started by caspian, Jan 4, 2016.

  1. caspian

    caspian Registered Member

    Joined: Jun 17, 2007
    Posts: 2,301
    Location: Oz
    The reason that I posted this in the privacy problems section is because it appears to be a privacy problem.

    I recently bought a premium version of Malwarebytes. After installing it I got a pop-up telling me that a malicious website has been blocked.

    IP: 198.138.219.228 - (which is NTT America)
    Port: 54205
    Type: outbound
    Process: C:\Windows\System32\svchost.exe

    With the Malicious Website Protection enabled I cannot even connect to the internet. I have to disable it to even update Malwarebytes. I don't understand why NTT America is creating an outbound connection from my computer that MB sees as malicious.

    I also have a portable version of Windows 7 in a TC container. When I installed a trial version of MB on the virtual machine, I got the same warning. I had Shadow Defender enabled so I restarted and connected my VPN and then installed MB again. There was no warning. So I guess this means that the outbound connection is only on my real computer. Does anyone have any idea what is going on here?
     
  2. caspian

    caspian Registered Member

    Joined: Jun 17, 2007
    Posts: 2,301
    Location: Oz
    I think I just figured it out. I have been using Panda free antivirus and evidently they use NTT America. I uninstalled Panda and no more warning. But I wonder why it looks malicious to Malwarebytes? I guess I need to find another free antivirus.
     
  3. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 6,030
    Well, Panda does send your stuff to its servers for scanning, I believe. Maybe there's something in the other-anti-virus-software subforum on that.
     
  4. kls490

    kls490 Registered Member

    Joined: Aug 15, 2015
    Posts: 19
    Location: Mid Atlantic Region (USA)
    Hi caspian,

    Have you tried including your Panda AV in the exclusions list within the Malwarebytes program? With my own AV, I have it included in the Malwarebytes exclusions list, and likewise, MBAM is in my AV's exclusion list.

    (i.e. MBAM > SETTINGS > MALWARE EXCLUSIONS)

    Mirimir's suggestion is correct, as there are some "help topics" at the MBAM Forums which address the issue of conflicts between MBAM and various other programs.

    Hope this may help.
     
    Last edited: Jan 5, 2016
  5. 1PW

    1PW Registered Member

    Joined: Apr 2, 2010
    Posts: 702
    Location: North of the 38th parallel.
    Hello caspian:

    A casual check of IP = 198.138.219.228 shows it unresponsive to browser connection attempts and a few pings. Oddly, though, a blocking notice from MBAM's Malicious Website Module was not experienced. Would you please double-check your MBAM's History > Application Logs > Protection Log for the time in question? Thank you.

    @kls490: A Malware Exclusion entry is very seldom required with the latest MBAM Premium releases, and even then only when on-access scans slow a system.

    Thank you.
     
  6. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 2,969
    Location: U.S.A.
    I just scanned that IP address with Zulu and its score was 5/100 - benign. Only thing noted was a few parked/suspended domains associated with it.

    One problem with MBAM Pro is that if it detects a problem with anything, it will block the IP. In this case, it appears to be blocking a server in the backbone.
     
  7. caspian

    caspian Registered Member

    Joined: Jun 17, 2007
    Posts: 2,301
    Location: Oz
    No, I decided to try something different. ZoneAlarm offered me their security suite for $9 so I uninstalled Panda. I had thought about excluding it but I felt uncomfortable with the fact that Malwarebytes saw it as a malicious site. I've used MBAM before and had websites blocked. But it never blocked my entire connection to the internet like that, so I got a little creeped out.
     
  8. caspian

    caspian Registered Member

    Joined: Jun 17, 2007
    Posts: 2,301
    Location: Oz
    I don't see anything for the 4th. It just shows the 5th and the 6th. I do use Shadow Defender but it is not enabled when I first turn on my computer. I bought MBAM on the 4th and that's when I uninstalled Panda and installed ZA. I'm confused as to why there are no logs for the 4th. Maybe I should add both Panda and MBAM on my VM and see what happens.
     
  9. caspian

    caspian Registered Member

    Joined: Jun 17, 2007
    Posts: 2,301
    Location: Oz
    Blocking a server in the backbone? I bet someone reported it. My entire internet connection was blocked. Maybe I should have been more patient and just emailed MBAM but it seemed pretty suspicious. No problems with ZoneAlarm security suite so far ($9). It does slow some things down a little but I guess I can live with that. Thanks for the feedback.
     