gonzo

So far, we have been unable to reproduce this. I am reaching out with this status so you know we are actively trying.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience.

I can get the same thing from sfgate.com. And yes, it will overflow. They are all in the ads and trackers, caused by inability to load nauseating ads which causes more attempts to load nauseating ads ad nauseum. As far as videos go, if you saw the video you wanted to see, you were likely just robbed of the opportunity to subscribe to something. A heuristic block is not going to be related to a file. It will be related to a process or a chain of processes. Including those in a debug log would likely make a log bulky, add little intelligence for the average user, and make proprietary methods public. That would limit our ability to protect users. I could be wrong, but I don't see a change in that policy as we are entering a time where content must be scrutinized more than ever before.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience.

Check the SETTINGS screen

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience. The block was because Office files can be easily manipulated to make them malicious. We block them by default with Browser Guard.

Yes, we do not target YouTube. Everybody should be able to enjoy cat videos whenever they feel the need. The new methods will provide protection for any site.

Ah, got it! I see it now (now that I know what I am looking for). I usually don't go in there except for whitelisting purposes. That would be part of BG-Youtube performance enhancements.

I didn't see any mention of heuristics, and behavior looked about the same as it was in previous releases. (my opinion)

I have tried a few and not seen a mention of this. Can you provide a link to one that shows this?

Please provide an example of the block. The only thing I see being blocked is several messages related to download of a browser, which has nothing to do with the content of the site.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience. At the same time, I agree with what @Porthos has commented. That could get you back onto the block list at any time. There are far too many negatives to overlook, and many blocking processes are automated. Nobody will be looking to see if you were unblocked at any time in the recent past.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience. We block downloads of executable files and Office documents, due to their popularity as a vehicle for providing infected macros.

I used to write all Malwarebytes user guides, and it was important to me that why something should/should not be done is as important as the act itself. Users can become more knowledgeable and use our software more effectively. The alternative costs users and costs us. I would rather see us all win.

The site has been whitelisted. Please allow 15-30 minutes for changes to take effect. Sorry for the inconvenience.

Because you asked that your request (and my response) be deleted, you likely never read the result. Here it is, again. The sites have been whitelisted. You should know that excessive usage of this browser feature is commonly used by websites designed to scare users into behavior which benefits the website. I cannot see notifications here because a login is required first. If (and when) browser vendors increase their protection against the behavior I have mentioned, you may need to tone down your usage of notifications. Please allow 15-30 minutes for changes to take effect.

Answers are sometimes handled with brevity...I'll try. We have Malwarebytes Premium and Malwarebytes Browser Guard. They are separate programs. Giving Browser Guard permission to manage warnings for premium means only Browser Guard will tell you about blocks. Both will still be doing their job. You can choose to ignore a Browser Guard block (that is to allow once, or allow always). If it is a block that premium puts on, it is more rigidly enforced. The native apps permission to communicate is from the browser, and is because they do not our messages come through their software. In simpler terms, the browser is saying "Should I trust them?" In this case, the answer is yes. For both of the permissions questions, you only need to set them once. Websites are (in most cases) blocked because of recent history that we have on them. There are a few that are not based on history (non-standard domains that are more often used for malicious purposes, downloading of executable files, or too many notifications). I commonly whitelist ones that are not based on history, but I verify each are safe first. One more piece (pertaining to your first question)...if something is blocked as suspicious, you can allow it if you know you can trust them or if you also have Malwarebytes Premium. Premium is more powerful and can block in real-time mode. If you only use Browser Guard, report the website here instead and stay safe. If its okay, we can whitelist it.

It took a while to get the answer to this one. The first notification (regarding Malwarebytes Premium) is presented by Browser Guard. It is legitimate, and it is ours. The second notification (regarding native apps) is issued by Chrome, and it is because we are operating within the context of the browser. It appears ONLY if you have said to allow Browser Guard to manage blocked website warnings for Malwarebytes Premium as well. It is legitimate also, and even we find the two confusing. Our message is slated for change in the near future. We can't do anything about the second one. EDIT: I left something out. The native app is our premium product.

Please let us know if you do find out any more about this. I tested downloading files (expecting to find issues), but did not. Excutable files downloaded without issue.

This is legitimate, and is recent. We have recently enabled communication with Malwarebytes Premium and Malwarebytes Browser Guard (two separate applications), but due to the way that both work on your computer, you must explicitly approve that communication. That change has met with some complaints from users of each/both app(s), and we are trying to improve both the methods and the messages. The first setting you mentioned can be easily changed after your initial setting has been made, but I only see one method for changing the second setting. That is a factory reset of Browser Guard (available on the Support screen). You can uninstall and reinstall Browser Guard as well, but the reset is much easier, faster and accomplishes the same thing.

Can you provide URLs or search topics for any of your videos so that I can see for myself? If you have them behind authentication, perhaps give me the direct URL? You can do it with direct message if needed. We may end up losing you as a user, but it won't be because I didn't try. We block Google Tag Manager and Google Analytics, and Doubleclick because they are nothing but trackers and advertising. They do not add to user content, and should not be a tollbooth for getting to user content. I did not see anything else being blocked, but that may be because the blocks occurred in a previous browser session

We have two issues here. First is that I am seeing several messages in the log: {"@timestamp": "2022-03-08T20:10:21.981Z", "session": "1646752213495", "message": "IWL: Scams wl in invalid state. Whitelisting by default.", "level": "INFO"} {"@timestamp": "2022-03-08T20:10:21.987Z", "session": "1646752213495", "message": "IWL: Malware wl in invalid state. Whitelisting by default.", "level": "INFO"} That makes me question the integrity of the Browser Guard databases. Please ask your student to press the Check for DB updates on Browser Guard's Support screen. After doing so, he should wait at least one minute to allow databases to download and be merged. I also understand there may be some network disruptions occurring now that could affect network speed. The second issue is that you reported the issue yesterday, but the log is showing only information from today. Outside of the questionable entries already mentioned, I do not see anything being blocked that should not be. Logging starts fresh each time the browser is opened. If you could ask your student to collect logs immediately after receiving a block that he thinks is wrong, that will give me data to work with.

We believe it was caused by a database that periodically requires optimization. There were a few other sites that were affected in a similar manner yesterday. Sorry for the inconvenience.

I downloaded all but analyzeiqlab-setup-v304-jre.exe on Saturday. I did miss the file I just mentioned then, and did download it today. I stand corrected there. I'll try to elaborate further on download blocks. Executables from major websites (such as Dell, Microsoft, NVidia, and the like) are not blocked. Executables from smaller, less frequently visited sites are blocked. This is sometimes due to the lack of a verifiable cert associated with the download, sometimes because of filenames that match certain characteristics used by common malware, and sometimes because of the lighter traffic on the website. I am not privy to the full set of logic attached to this decision, and I do not want to make anything up. There is likely much more involved. Your downloads are false positives. That is why I whitelisted the site. I will also agree with you that the wording of the message is problematic. The message is constantly evolving, trying to become clearer. I can't say it always is. This forum thread is an example.