John A

Thanks for that info, MattsComputers. I was interested in the new MSE feature "protection from network based attacks" and whether that conflicted at all with MBAM IP blocking.

Has anyone tested Malware Bytes real time protection together with the new MSE 2.0?

Hi Sharmin From the response from Skype Support in the above link, my guess is that what you are seeing is either a Supernode or a Relay Node. Skype depends on decentralising its traffic to achieve its voice & video quality. As Skype Support says "Skype is a peer-to-peer (P2P) application. Peer-to-peer makes it possible for multiple computers running the same P2P software to communicate and participate in traffic routing, processing and other bandwidth intensive tasks that are usually performed by a central server" So it is likely to access anywhere in the world to achieve this, and it also explains why some Skype users see different IP blocks to others. But Skype point out that actual Skype communications between users are encrypted. They also say "Our security model also prevents anyone with a supernode or relay node from interfering with, or capturing any part of, a Skype communication, even if they can collect or sniff network data packets. It also makes it very difficult for anybody to eavesdrop on content by installing an internet computer in the theoretical path of Skype traffic" I had a period when I was tracking IP blocks where Skype kept trying to hit a particular IP address but stopped after a couple of weeks and then a different one happened. You will probably find that your Skype will move on from 193.169.40.7 eventually, and you may get no further blocks, or you may get blocks to some other IP address. All that is part of the package when you install P2P software. In Skypes' case, MBAM IP Blocking has revealed some of its workings normally hidden under the bonnet ....

Hello Shamrin Did you see the response from Skype Support re this here? I only have Skype running now when I am actually using it. I suggest that you don't worry about it - it is highly unlikely to affect the functionality of Skype if these are blocked by MBAM, and Skype itself seems quite secure. You could turn off the tooltip balloons and just check the logs periodically for non-Skype blocks

Your friend is using Windows Media player, so it would be normal for music file icons to become "music notes" Re the .INK file - do you mean .LNK file? If so, you may have sent a Windows Link file instead of a music file. Get your friend to right click on the .LNK file and choose Properties then see what it says in "Target" - it may be a reference to a file on your hard disk, so you can then have a look at what it was.

No worries. I became interested in this issue when Skype caused IP blocks on my computers. In XP, MBAM can't name the process causing the blocked IP address because XP can't provide the information. One of the experts will have to explain the difference between IP blocking and a firewall, all I know is that they are different functions and that IP blocking does not replace a firewall. IP blocking in MAM operates on all internet operations, not just browsers

Hello Whatmeworry See explanantion of IP Blocking Section G here MBAM 1.5 will tell you the name of the process attempting to access the IP address but only on Windows 7 or Vista - not XP - see this thread for an explanation. So it is a bit difficult to ascertain the source in XP. If you were surfing at the time then it may have been your browser that was accessing that IP. It can also occur with Skype and similar programs even when you are not using them (provided they are running). If it happens when you are accessing a site that you think is safe you should report the block as a possible false positive here. But it can also occur if you have malware, so if you are not sure what may have caused it you should do scans with your AV and MBAM MBAM IP blocking works differently to a firewall, so the fact that your firewall didn't complain is not surprising.

CurrPorts might help http://www.nirsoft.net/utils/cports.html or TCPView http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx

Hi Tommytiko See explanantion of IP Blocking Section G here MBAM 1.5 will tell you the name of the process attempting to access the IP address but only on Windows 7 or Vista - not XP - see this thread for an explanation

You need to ask Google why Chrome might be accessing that IP address - and they should be able to at least give you some clues. Is Chome actually loaded when you get the IP block - Chrome loads something at startup, I recall, maybe it is that? I also got a Canadian IP block from Thunderbird - InterWeb at Montreal 76.76.106.186. I am fairly sure it happened when I accidently clicked on a spam email

... also Microsoft Security Essentials .

Knowing that it is Google Chrome that is accessing the site, and tat it doesn't happen on your computer with internet accesses from other programs, I suggest that you ask Google Support for an answer. I had a similar issue with Skype and they explained it - see this thread.

Hi Lork Suggest you look at the explanation here. Post back if you have any more questions.

Hello Pooh Your dial-up provider would not be filtering all malware - but they may be filtering some email messages that are spam or that contain malware. If your system is clean, and you are careful where you go on the internet, and you don't install downloaded software that is not trustworthy, then it is quite normal for your Avast and MalwareBytes to not find any malware. As for Avast finding malware and removing it silently, you could check the Avast settings - I think that it has a Silent Mode that can be switched on/off. But be assured that you should still have your Avast and Malwarebytes monitoring your system.

There is a thread here that might be helpful - although the suggested fix requires registry changes

When the final is released, can it be installed over the Beta, or should Beta be removed first?

These occurrences should appear in your "protection-log ..." files.

Is Skype running? See this thread

I get this error with 1.5B when I first turn the computer on, after that MBAM seems quite happy. 06:17:54 (null) MESSAGE Scheduled update executed successfully 06:17:57 (null) ERROR Scheduled scan failed: GetUserToken failed with error code 0 06:18:14 John Marg MESSAGE Protection started successfully 06:18:18 John Marg MESSAGE IP Protection started successfully 06:19:04 John Marg MESSAGE IP Protection stopped 06:19:06 John Marg MESSAGE Database updated successfully 06:19:07 John Marg MESSAGE IP Protection started successfully 06:26:08 John Marg MESSAGE Scheduled update executed successfully 06:26:12 John Marg MESSAGE Scheduled scan executed successfully 06:27:09 John Marg MESSAGE IP Protection stopped 06:27:11 John Marg MESSAGE Database updated successfully 06:27:11 John Marg MESSAGE IP Protection started successfully The problem occurs between Windows startup and Login (which requires a password). In my MBAM Scheduler I have two scheduled tasks: 1. Quick Scan, Daily, with a tick against "Perform scheduled scan silently from system account" 2. Update, hourly, run Flash Scan after update (but there is no option to run this flash scan silently) It looks like updates before I log in OK then the initial Fash Scan fails. I suggest that in the Update settings in the Scheduler, you add a tick box - "Perform Flash scan silently from system account" ?

Well again there was a rapid response from Skype Support about the suspect IP addresses caught by MBAM. Below is what they said. Interesting how it works. It seems that blocking these IPs is highly unlikely to cause any performance issues with Skype. "We understand the inconvenience that might cause and we appreciate your patience and understanding.Skype is a peer-to-peer (P2P) application. Peer-to-peer makes it possible for multiple computers running the same P2P software to communicate and participate in traffic routing, processing and other bandwidth intensive tasks that are usually performed by a central server. P2P allows sharing files containing audio, video, data and real-time data. Skype has no single

I have had two "as-promised within 12 hours" responses from Skype support on other matters recently - I thought their service was good. I might try this one on them and see what happens.

Using MBAM ,5 Beta, which identifies the process involved, it caught Skype red handed 08:59:59 John Marg IP-BLOCK 222.68.159.215 (Type: outgoing, Port: 42255, Process: skype.exe) The next question is - should we take this issue up with Skype?

It will be interesting to see if you come to the same conclusion as me.

When Skype is running, my lated ip blocks are: 222.68.159.215 Beijing China, China Telecom 121.13.9.119 Beijing China, China Telecom 62.45.227.30 Netherlands

Yes it seems very odd to me too. I am interested in how do disable Supernode and maintain Skype functionality? There is a relevant discussion here http://forum.skype.com/index.php?showtopic=32639