EricT

Just a heads up, but it seems like the site is getting hit with a false positive. Considering it's a site to download virus and spam definitions, there's nothing that I know of that's hacked. I let them know as well in case you guys are seeing something with a web scanner.

I figured you would want something like that, so just searched for it: 02/12/20 " 08:40:25.358" 170063984 0ffc 20a4 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 251 "Connection blocked! ProcessId=13840 ProcessPath=C:\Program Files\Mozilla Firefox\firefox.exe Domain=mobile.truemail.com Address=66.252.96.9 Port=443 Category=Trojan" 02/12/20 " 08:40:25.358" 170063984 0ffc 20a4 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1899 "Block notification callback 'mobile.truemail.com' '66.252.96.9' 'C:\Program Files\Mozilla Firefox\firefox.exe'" 02/12/20 " 08:40:25.370" 170064000 0ffc 20a4 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1550 "Malicious Website Protection, ipBlockList, 66.252.96.9, mobile.truemail.com, 443, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe" 02/12/20 " 08:40:25.370" 170064000 0ffc 1df0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 1945 "Block notification callback impl 'mobile.truemail.com' '66.252.96.9' 'C:\Program Files\Mozilla Firefox\firefox.exe'" 02/12/20 " 08:40:25.373" 170064000 0ffc 1df0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 1987 "White list disposition (0) for 'C:\Program Files\Mozilla Firefox\firefox.exe'" 02/12/20 " 08:40:25.388" 170064015 0ffc 1e08 INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV2 "mwaccontroller.cpp" 1953 "Successfully sent the block event data to telemetry server."

This just started today, but it seems like the Webmail interface for SmarterTools SmarterMail server is being blocked. My guess would be the SignalR library for live updates. SmarterTools website: https://www.smartertools.com/ SmarterMail server download: https://www.smartertools.com/smartermail/downloads

I've got a ticket in already, just wanted to give some more info in case others have the same issue.

Don't know if it's related, but my software lost it's key as well. Going through the Event logs, it seems like the Windows 10 Creator's Update version 1703 caused my issue.

Reports are clean, it only shows up in the Real-Time detections, and nothing in quarantine. Attached is the pop-up from MalwareBytes. It's not that big of a deal, I just disable MalwareBytes if I see anything with libc on a apt upgrade.

I'm not sure how to post a log on a Real-time detection, but I've noticed anytime libc has an update, MalwareBytes v3.0.6 reports it as an issue. Example from the apt update log: Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 linux-libc-dev amd64 4.4.0-71.92 [837 kB] Fetched 837 kB in 5s (162 kB/s) (Reading database ... 33598 files and directories currently installed.) Preparing to unpack .../linux-libc-dev_4.4.0-71.92_amd64.deb ... Unpacking linux-libc-dev:amd64 (4.4.0-71.92) over (4.4.0-70.91) ....................................................] dpkg: error processing archive /var/cache/apt/archives/linux-libc-dev_4.4.0-71.92_amd64.deb (--unpack): unable to make backup link of './usr/include/asm-generic/sockios.h' before installing new version: Permission denied dmesg: read kernel buffer failed: Function not implemented E: Sub-process /usr/bin/dpkg returned an error code (2)