DougCuk

I must agree the Malicious Website Protection popup in v2 is far more intrusive than that in v1.75 I tend to see these popup when using Torrent software - just for legal downloads obviously. Under v1.75 the Malicious Website Blocked popup warnings were an acceptable size and not too distracting. I think this size increase is to accommodate more lines of info - in a less condensed layout. However MBAM v2 (v2.0.2.1012 installed) has a much larger and more distracting popup than v1.75 The popup is approx 6cm x 12cm on my 19" screen - this is around 2x taller than previously - and has a more striking colour scheme with a large red banner at the top - and can appeared every few seconds for some torrent downloads. This can get rather annoying as it repeatedly overlays any icons or onscreen items in that area that you may be trying to access. I prefer to keep the Website Protection active - and want to keep the popups for this and other issues. But there needs to be some control available to temper these warning popups - for cases such as torrent downloads. A few possible suggestions - most preferred first: 1. Ability to swap to a reduced size popup warning - with less detail and no red banner - when required. 2. Ability to switch off just Malicious Website Blocked popup warnings for a set period - or until a reboot. 3. Ability to disable just Malicious Website Blocked popup warnings - while leaving others active

From initial observation it appears that v2 will use multiple cpu cores (real or hyperthreaded) whereas v1.75 only used a single core. I have only tested this on dual core and P4 single core (hyperthreaded to give 2 logical cores) systems so far. But v2 will go to 100% cpu using both available cpu cores - whereas v1.75 was limited to 50% - with only single core utilisation. This results in much higher overall cpu utilisation and can cause some systems to go through periods of unresponsive behaviour. No doubt this increases the processing speed and shortens scan times - but at the expense of system response under heavy load.

UniDrv.dll file from a laptop utility called FoxOSD Detected as Trojan.Dropper - appears clean - Jotti and VirusTotal mbam-log-2011-04-24 (13-47-11).txt UniDrv.zip

I am also being blocked again today. We know that this IP address is in a block owned by a hosting company with a suspect reputation - midphase.com. However this specific IP address appears to be a fixed IP for a legitimate CDN (Content Distribution Network) server. The server name for this IP comes back as - 173.244.198.143.static.midphase.com Browsing to the IP - http://173.244.198.143/ gives a 404 server response with the following name: SimpleCDN Upload Bucket MBAM at present seem unlikely to remove this IP from its standard blacklist - however the program does allow you to add individual blocked IP addresses to the Ignore List - so at present I have selected that option to get around this problem. The risk posed by unblocking this single IP appears to be minimal - as it is a known CDN server used by a trusted security application. The problem appears to be caused by a change within the network used by Javacool to supply updates - with the inclusion of a server hosted by a suspect company (midphase.com) - this is obviously not ideal for a security app designed to block suspect websites. A complaint to the CDN service would seem sensible, to get this server removed from the pool. I have posted this suggestion on the Spyware Blaster forum.

To paraphrase the response on the Wilders Forum from "Javacool" a SpywareBlaster tech: Full posting click here At present I am no longer being sent to the blocked update server - not sure if it got removed from the pool - or if it's just the luck of the draw. Both sides are obviously aware of the issue but it looks like Javacool are expecting MBAM to fix this one. I will report back if the blocked server re-appears.

Just had a successfull update!! So something must have swapped me to a different server. The address updates1.spywareblaster.net has a totally different IP - so is obviously not the real server being used. However a port monitor utility shows SpywareBlaster accessing the following address: 206-55-108-109.global11325.loc45.simplecdn.net Not exactly sure what that means but it does include the term CDN - which was mentioned.

Seems this is dependant on geographic location and load balancing server allocation. However I have not had any successful update from London UK I am seeing two server names for this IP An IP trace shows the name as - 173.244.198.143.static.midphase.com The SpywareBlaster program (Manual Update - Free version) shows - updates1.spywareblaster.net

Running v1.46 with database version 4207 Attempts to update the spyware blocking program SpywareBlaster (javacoolsoftware.com) trigger an IP block on 173.244.198.143 This appears to one of the servers hosting the update files for this security software. This IP has been blacklisted from at least database version 4201.

Can anyone report on running the current (v1.45) MBAM protection module alongside AVG Free v9 Antivirus? Do the two resident modules coexist without causing any problems? I am most interested in reports from XP and Vista users - as those are the systems I want to protect. There is some advice on the forum here about adding the MBAM folders and files to the scanning and resident exclude lists in AVG to avoid false alarms. Has anyone tested if these exclusions are still required with the current versions? If you have this configuration I'm sure many AVG Free users would like to know how it is running and any problems you have encountered.