Jump to content

Constant Blocked Malicious Website Popups Is Annoying


Recommended Posts

I have the latest premium version of your program. Recently, perhaps after it upgraded, I have been getting constant (every second or two) popups saying a malicious website was blocked -- over and over again.

 

Outbound sites including Joye-Luck.com are shown over and over again as being blocked. Why do I need to see this thousands of times - or at all?

 

These popups so annoying that I have had to shut off malicious website blocking - even though I would prefer to have it on.

 

Before doing that I have spent over three hours using various AV, anti-rootkit, cleaners & removal tools to try to eliminate the sources.

 

I feel that your next revision should have a setting option to allow the protection while not showing the popups for malicious website blocking.

 

If checked it would still display other threats.

 

The popups are huge and distracting about 4"x4" on my 23" screen. They should be made smaller.

 

What can be done to help?

 

Thank you.

 

 

Link to post
Share on other sites

Hello and :welcome: , lesvdavis:
 
Alas, with the current build of MBAM 2.0 PREMIUM, control over notifications and popups is pretty much "all or none".
More granular control -- similar to that of version 1.x -- is promised with a future release (only the staff will have an official status update or ETA).

 

On the "plus" side, however, version 2 offers the ability to safely create Web Exclusions  for processes and sites that you know are safe.

This is explained in the User Guide.
 
Having said that, IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and if they occur when no browsers are open.

--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website Blocking False Positives sub-forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers.

Thanks,

 

P.S. As this topic really belongs in the MBAM support section, the mod team may move it here. ;)

Link to post
Share on other sites

Thank you Spam Hunters for your reply. All the popups appear to be as a result of the same IP 192.162.19.34 under names such as Travels-Search.com, Satisfaction-Search.com, Documents-Search.com, Submissions-Search.Com, Helped-Search.com.  They are all outgoing and happen even when the browser is not active.

 

Is this indicative of an infection?

 

And how can I stop this or block the website?

 

Thanks again.

Link to post
Share on other sites

Hello lesvdavis:

Yes - Your description does strongly suggest a system infection.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and having one of the Malware Removal Experts assist you with looking into your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

Thank you.

Link to post
Share on other sites

I must agree the Malicious Website Protection popup in v2 is far more intrusive than that in v1.75


I tend to see these popup when using Torrent software - just for legal downloads obviously.

 

Under v1.75 the Malicious Website Blocked popup warnings were an acceptable size and not too distracting.

I think this size increase is to accommodate more lines of info - in a less condensed layout.


 

However MBAM v2 (v2.0.2.1012 installed) has a much larger and more distracting popup than v1.75 

The popup is approx 6cm x 12cm on my 19" screen - this is around 2x taller than previously - and has a more striking colour scheme with a large red banner at the top - and can appeared every few seconds for some torrent downloads. This can get rather annoying as it repeatedly overlays any icons or onscreen items in that area that you may be trying to access.

 

I prefer to keep the Website Protection active - and want to keep the popups for this and other issues.

But there needs to be some control available to temper these warning popups - for cases such as torrent downloads.

 

A few possible suggestions - most preferred first:

1. Ability to swap to a reduced size popup warning - with less detail and no red banner  - when required. 

2. Ability to switch off just Malicious Website Blocked popup warnings for a set period - or until a reboot.

3. Ability to disable just Malicious Website Blocked popup warnings - while leaving others active

Link to post
Share on other sites

Hi:
 
Thanks for your feedback.
 
As just another home user, I tend to agree with a lot of what you describe.

(I don't use torrents or other P2P, so it's really not much of an issue for me.)

 

FWIW much of what you request has been an RFF since the days of 2.0 beta testing.
 

Alas, with the current build of MBAM 2.0 PREMIUM, control over notifications and popups is pretty much "all or none".
More granular control -- similar to that of version 1.x -- is promised with a future release (only the staff will have an official status update or ETA).
 
On the "plus" side, however, version 2 offers the ability to safely create Web Exclusions  for processes and sites that you know are safe.
This is explained in the User Guide.

To follow up on what is posted above, you can now add your P2P programs as a Web Exclusion, as explained in the User Guide.

 

Having said that, the popups and notifications do serve a purpose and they are there for a reason, especially for less advanced users.

 

Anyway, I'm sure that the team will appreciate your thoughtful feedback and suggestions.

 

Cheers,

Link to post
Share on other sites

When using P2P software you always run the risk of exposing your computer (IP address) to some risky contacts 

- so it's best to keep all the protection active 

- so adding my P2P programs as a Web Exclusion is not something I would consider or recommend. 

 

I always considered the warning popups under v1.75 as a good sign that things were working 

- and the minimal intrusion of the smaller, less striking, popup was an acceptable compromise. 

Link to post
Share on other sites

Hi:

I'll leave the finer points of web exclusions for P2P to those staff and members who run those sorts of programs, but:
 

Add Process
Clicking the Add Process button allows you to exclude a process which would otherwise be blocked from accessing an internet address. Please note that this option is only functional on Windows Vista Service Pack 2, Windows 7, and Windows 8.x. This is typically of value to users who need to access filesharing and/or peer-to-peer applications. On occasion, IP addresses used by these applications may be blacklisted, so that Malwarebytes Website Protection blocks access to the website as a whole. Excluding the IP address makes the user more vulnerable, as would exclusion of the domain (if the website uses a domain name). Excluding the process — providing that the process is not an internet browser — would allow the P2P application to function without increasing risk.   http://www.malwarebytes.org/support/guides/mbam/


However, I am pretty sure you will still get the IP block notifications, unless you disable all notifications (at least until the devs add more granular controls).

 

Hope this helps,
 

Link to post
Share on other sites

  • 2 years later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.