blender

Hello, We are not blocking that site. Do you have a screenshot showing this block? We'll need this so we can verify on our end. You can also whitelist it yourself, not just the folder but the actual executable showing in the alerts connecting to the internet. Settings> exclusions> add exclusion> in the next popup window, check radio button beside "exclude application that connects to the internet". From there, you will need to choose the file that was showing in the alert popup. You can't choose folders here - you will need to specify the exact file. Once you've set this, OK your way out & you should be able to run the application without issues.

Sounds good.

Not entirely sure yet what all the Farbar tool needs. Seems to be a cloudflare address. Not sure if this is even static. It should still run though even if it cannot check back home for an updated version so I am not sure I would bother with DNS entries for FRST as it would be a one-time connection to check if there is an updated version of the tool then it would not be needed any more. I am pretty sure though that the issue here is your server is unable to connect to our back-end when checking "goodware" file lists and such. I think once this is resolved, it'll be easier. We update the goodware lists many times/day & these lists are not downloaded to your machine like the definitions do. Instead they're in the cloud. A good portion of the goodware rules & badware rules are in the definitions downloaded locally to the machine & a good portion of it all is in the cloud because it is faster. Some of this is updated constantly so being able to connect fair quick is important.

This info page might help: Additional info I received from Ron here: "best to use a DNS entry if it's for proxy reasons. The update servers are on CDN and those IP change per region."

It won't run even though it cannot check for updates? Let me find out what address(es) you will need to temporarily allow.

Hello, It looks like MBAM is having trouble to reach our back-end where it gets the whitelisted info from. Because the support tool was run as a limited user, it couldn't create certain logs. Let's try & get them with this. Please download Farbar Recovery Scan Tool from here http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to your desktop. Note: You need to run the version compatible with your system – for you, this would be the 64-bit version. **After you click the Download Now 64-bit, another page will open — DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save. •Double-click to run it. When the tool opens click Yes to the disclaimer. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. •Click the Scan button. •When the scan has finished, it will save 2 logs in the same directory the tool was run from. Please either attach or PM me the following logs: Addition.txt FRST.txt Thanks

Thank you. Can download & run the support tool as instructed on this page? Post the resulting zip from your desktop please. Either myself or Bob will have a look once posted. Thanks!

I am going to have someone pop in to have a look. I'm sure he will be able to figure out what is happening. He may want other logs but while waiting on him, can you grab a screenshot showing the version information from MBAM? Settings>> about Just a screenshot of the Version Information section should be good for now. What steps would he have to take to reproduce the issue? Actually running the file or is it being detected by a scan or.. ? Thanks!

All the exact same file? We whitelisted this exact file the 18th of May.

Oops - scratch that. This has been fixed for some time now.

Do you have a log of this detection? Currently I cannot reproduce it.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hello, This will be fixed next database update which is scheduled to go out in about an hour. Thanks for reporting!

Checking...

Hello, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.