Jump to content

fredster2

Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by fredster2

  1. I don't want any update checks or internet access except when I manually initiatie it. In Update Settings, I've already unchecked both boxes, which successfully stops the checks for updates when the program is started. However, when I run a custom scan, MBAM ignores the Update Settings and tries to "Check for UpdateS". As I've blocked this with my firewall, it sits for several minutes trying make contact until it finally gives up. How do I cause that first bubble in "Custom Scan" to be bypassed - permanently. (Meaning, so I don't have to take an action each time I restart MBAM or each time I run a custom scan.) Thanks. MBAM Free, v2.1.6, Windows 8.1 x64
  2. I saved a few firewall logs which show IP addresses and ports, including the ports that were scanned to trigger the attack, but I wasn't running wireshark and don't have any actual packet captures. Should I post the logs to this thread or email them to your support? The only really interesting part is the protection log which indicates: 2013/11/30 21:00:24 detected scan packet: 53371; packet recv TCP 72.21.81.253:80 -> 192.168.1.102:53371 (40) [ ACK ] 2013/11/30 21:00:36 detected port scanning: 53371, 53377, 53378, 53379, 53380, 53381, 53382; packet recv TCP 72.21.81.253:80 -> 192.168.1.102:53382 (40) [ ACK ] 2013/11/30 21:00:36 Attack SCAN (53371, 53377, 53378, 53379, 53380, 53381, 53382) detected from 72.21.81.253 {host blocked for 5 min} [000001B5] 2013/11/30 21:02:00 detected scan packet: 53390; packet recv TCP 69.16.175.42:80 -> 192.168.1.102:53390 (40) [ ACK ] 2013/11/30 21:04:19 detected port scanning: 53513, 53516, 53519, 53522, 53525, 53528, 53531; packet recv TCP 69.16.175.42:80 -> 192.168.1.102:53531 (40) [ ACK ] 2013/11/30 21:04:19 Attack SCAN (53513, 53516, 53519, 53522, 53525, 53528, 53531) detected from 69.16.175.42 {host blocked for 5 min} [000001B6] 2013/11/30 21:05:36 intruder 72.21.81.253 unblocked [000001B5] 2013/11/30 21:09:19 intruder 69.16.175.42 unblocked [000001B6] The other log file is a basically just a serious of details of when I allowed or blocked MBAM from accessing various IPs. (I first allowed it, then blocked it as I was trying to figure out what was going on.) If you want more details of my firewall configuration and security we should probably take this offline.
  3. Can you provide an example of this turmoil? I posted quickly (in a different forum) thinking I would be able to edit my post and didn't proof-read it, and now there are some serious typos, quotes in the wrong position, etc.
  4. Wow, all three of you assumed I was clueless and reporting an outbound access attempt by my firewall as a portscan. I get multiple access requests all day from various applications, including MBAM, and either grant or refuse them, and that's NOT what I'm talking about here. My firewall specifically alerts to me portscanning attempts with a popup saying "portscan attack from IP XXX and then blocks all communication for a certain duration". This happens rarely, perhaps once every few weeks, but happened twice, within a few minutes from both of the MBAM update sites I mentioned in the original post. I'm quiet surprised that a company selling a commercial product would have the attitude of assuming I'm an idiot rather than immediately taking action, such as * remove the sites I mentioned from their update program, or at least * investigate them and put in safeguards to ensure these sites are not taken over I gave MBAM access to these sites, after which I was portscanned, which is not normal behavior. I am not portscanned by Avast update sites or microsoft update sites. No, it looks like you are the one doing the misinterpreting. I'm well aware of what port-scanning is, and how it differs from giving apps outbound access through my firewall. I gave MBAM outbound access to the update sites, and then was portscanned, which caused my firewall to completely shut off communication (for everything). I perhaps the company that wrote my firewall are confused when they pop up a "port scanning attack" dialog? Again, you're confusing outbound access with being portscanned. I gave MBAM outbound access, otherwise I could've have been port-scanned as those sites wouldn't know my IP.
  5. The web page in the post immediately above has a download link for mbam-rules.exe and says: Someone is supposed to be updating the mbam-rules.exe download once a week now. If there are any lapses in the update frequency, please feel free to stop by the official forums and let them know The current version available is from august 2013, or THREE MONTHS old. Who is supposed to be updating this file weekly?
  6. I just installed MBAM on a new PC, after installing a Firewall, and when I tried to update MBAM, I immediately was portscanned by both update sites: hwcdn.net (69.16.175.42) and 72.21.81.253 (as reported by the firewall). So either the MBAM I downloaded from the official site has been directed at hacker sites, or the legitimate update sites have been taken over. I guess I'll have to download updates manually (if I decide to still trust MBAM).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.