I have had a series of notifications saying potential threat blocked, RTP detection events (whatever they are?), trojans, compromised and riskware sites being attempted to connect to.
When I look at them in the detection history, I don't find them to be very helpful. For example, all it says for the file (which I assume means the file on my PC that tried to access the website?) is system. That isn't helpful at all, bewilderingly vague.
How can I discover which file or app tried to access this IP address? Because surely then I would have a better idea of how to deal with these access attempts.
As feedback, this kind of information really should be immediately accessible from the notification and detection history, and include hover pop-ups that describe what the file field means, for example, so that users can better understand the report.
This is just one example:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 22/01/2023
Protection Event Time: 17:04
Log File: d1f68b1a-9a76-11ed-9ae2-2cf05dcc0682.json
-Software Information-
Version: 4.5.20.230
Components Version: 1.0.1868
Update Package Version: 1.0.64887
Licence: Premium
-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, System, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain:
IP Address: 117.207.229.201
Port: 137
Type: Outbound
File: System
(end)