Malicious Website Protection blocking pictures on Facebook, no log of block

[tjmcguire]

On facebook, most thumbnail images come from hxxps://fbcdn-profile-a.akamaihd.net . These are being blocked by the Website Protection, even though the block is not being logged. I know this because if I turn off the Website Protection, refresh Facebook, the pictures load. If I then turn it back on, refresh Facebook? The pictures are blocked again.

 

I have added web exclusions for hxxps://fbcdn-profile-a.akamaihd.net, many of the IP's it encompasses (are IP ranges coming at some point?? Hopefully CDIR notated ranges??) and still the pictures are being blocked.

 

Am I missing something? Is there a log hidden in a directory somewhere that shows blocks (other than the one in the GUI?) so I can maybe see if I have the IP wrong or something? Very frustrating!

 

Any help would be greatly appreciated.

 

Thanks!

 

 

[1PW]

Hello tjmcguire and

That might have been reported once before. Let's start here please:

• Please try the following and let us know if this corrects your issue: MBAM Clean Removal Process 2.x.
• If that does not correct the issue, then please read the following and individually attach the 3 requested logs in a reply to this thread: Diagnostic Logs.
• The 3 files, from Step 2, to be individually attached from your desktop are: CheckResults.txt, FRST.txt and Addition.txt. Please do not Copy and Paste them into a reply.
• NOTE: There is an FAQ section with valuable information located in Common Questions, Issues, and their Solutions.

Please let us know the status of your issue in a reply to this thread.

Thank You.

[tjmcguire]

I have done the clean removal and reinstall from step 1, and I'm going to put it "through it's paces" to see if I am still getting the same behavior. So far though? It looks good. Thank you!

 

A little embarrased though that with 15+ years in tech? I didn't just uninstall and reinstall myself as a troubleshooting step. LOL

 

Ah well! It's been a long week and the cleaning tool probably had more to do with it than just a simple uninstall and reinstall.

 

Thank you again though and I'll reply in a little while with what I found.

 

T

[1PW]

Hello tjmcguire:

Remember it was a Clean re-install assisted by the purpose built mbam-clean utility that does what Microsoft's uninstaller no longer does.

The field is getting too much for everyone to know everything and besides you are always welcome to share your experiences here with others.

Thank you for the good news update.

[tjmcguire]

Thank you!

 

And yes, everything is fine now and thumbnails are no longer being blocked.

 

Thank you again for all your help and have a great weekend!

 

T

[1PW]

You are always welcome.

[tjmcguire]

Well it seems this was only a temporary fix. Can this be looked into deeper, perhaps, so I don't have to do a clean uninstall and re-install of the product every few days? I have not fixed it yet just in case you wanted me to grab any logs, etc.

 

Thank you,

 

T

[AdvancedSetup]

Yes if this is an ongoing issue then let us get some logs please.

 

 Please read the following and post back the 3 requested logs.
 
Diagnostic Logs
 
Thank you
 

[tjmcguire]

Requested logs are attached. Please let me know if you need anything further.

 

Should I wait, or do a clean uninstall and reinstall again?

 

Thanks,

T

Addition.txt

CheckResults.txt

FRST.txt

[daledoc1]

Hi:

 

Please wait for AdvancedSetup to review your logs and advise you.

 

However, I did notice that you seem to be running both MBAE (Malwarebytes Anti-Exploit) and EMET?

I think there is a known conflict/issue with these 2 applications.

But I don't know if that could be contributing to your issue???

AdvancedSetup will help you out....

 

Cheers,

[tjmcguire]

Daledoc1,

 

Ok, will do!

 

And yes, I'm a security analyst so my system is probably a little more involved and locked down than most, but I will read up on this now and see if I can tweak some things in EMET to allow for it to "play nice" with MBAE. LOL

 

Thanks,

T

[AdvancedSetup]

I would highly recommend you watch the following video about MBAE and Exploits
Exploits: How they work and how to crush them
 
Microsoft Security Essentials is not considered a decent or good antivirus anymore and I would highly recommend that you investigate replacing it with one more suited for protecting the system better.
List of well known antivirus products
 
 
If you do want to use EMET they have a 5.x version available.
Enhanced Mitigation Experience Toolkit
Enhanced Mitigation Experience Toolkit 5.0
 

 

You're getting the following error which appears to probably be related to Intel® Smart Connect Technology
Windows Event ID 1003 ISCT Agent Error

Error: (08/26/2014 09:18:16 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


There is an Alternate Data Stream on a file which is legal but not normal for most users and is often a sign of an infection or left over from an infection.

Did you set a proxy on purpose?
ProxyServer: localhost:8080



There are other numerous system errors which can certainly affect any software trying to run on this computer.


System errors:
=============
Error: (08/24/2014 09:47:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff88001928c1d, 0xfffff8800d0c0930, 0x0000000000000000)C:\Windows\MEMORY.DMP082414-52556-01

Error: (08/24/2014 09:47:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:45:20 PM on ?8/?24/?2014 was unexpected.

Error: (08/23/2014 04:54:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/23/2014 04:54:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/23/2014 00:27:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/23/2014 02:33:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (08/23/2014 02:33:34 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/23/2014 02:33:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/22/2014 05:41:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BD57A9B2-4E7D-4892-9107-9F4106472DA4}

Error: (08/21/2014 08:48:16 PM) (Source: BROWSER) (EventID: 8019) (User: )
Description: The browser was unable to promote itself to master browser.  The browser will continue
to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.




I'm sure it can all "probably" be cleaned up but you would need to seek much of the help from the malware removal forum first to ensure there is no infection left on the system.
Then we can help you with this other more generic issues, or on the other hand you may want to possibly consider backing up your data and formatting the drive and reinstall Windows.

Let us know what you'd like to do from here please.

 

Thanks

 

[tjmcguire]

I'll need to reply to most of this tonight after I get home from work and after my Network+ exam. It's going to be a long day!

 

Ok, you caught me with my pants down a little on MSE. I'd argue though with a layered approach (which I have) the "trustworthiness" of an AV product isn't as "be all end all" as if it was the only means of defense. I was running Sophos but no longer have a company license for it after switching jobs. I will definitely replace it though as you are correct, and it is "baseline" at best.

 

The proxy concerns me although it may have been from me using one of several web penetration testing tools. However, I don't see that setting on any of my browsers, being used or even being set for use. Where is that pulling that information from?

 

I'll need to take a look at those errors in detail but those really don't concern me too much because of the amount of software I have on my machine, the constant uninstall and reinstall of tools, etc. My system runs flawlessly with no crashes or hiccups and no issues with any other piece of software I run on a daily basis. However, in the interest of removing them from "reasons for thumbnails not loading with MBAM turned on" troubleshooting, I will look at them and re-mediate each one.

 

I do appreciate your help and please do not mistake my above tone as I tend to be very cut and dried and come across a little "rough" in text, but I was really hoping not to be led down the road of anything wrong with the PC could affect our program. Yes, it is true that seemingly unrelated pieces of software can affect the functionality of another, but I feel like I'm being told to reboot (if you catch my meaning) to fix the issue. I've been in IT and the software world for 15+ years and I am currently a forensic analyst for a security company, so I apologize as sometimes these types of responses tend to get under my skin.

 

All that being said, I will bow to your knowledge of your product, and attempt to do everything you are asking me to do. However, reloading my system to fix an issue with Firefox and MBAM seems a little overboard. Any combination of software will work after that unless there is a glaring major bug in either piece of software.

 

Thank you,

 

T

[AdvancedSetup]

Well I'm not here to argue or dispute with anyone. There are certainly issues that can cause our program to not load or fail to update and we've corrected some of them which should be implemented in a future update. However these are a bit rare and do not affect everyone. Though if you're one of the ones it does affect then that is of little consolation.
 
As for the issues with your computer I'm sorry but having a bug check BSOD and thinking it's nothing - we certainly don't agree. I have had well over 400 different applications installed on my computer at one time before and Zero errors in the Event Logs. I do a LOT of testing and if at all possible I find, fix, remove anything that is a red error. The same for anything that is yellow warnings. I will agree that some warnings and some errors are of little "real" concern but it is a pet peeve of mine to have them. I worked with Compaq back in the Windows 95 days and refused to take further shipment of computers until they fixed an error in the Registry for one of their drivers. It was not an error that caused an issue but these were new computers coming from the factory with yellow warnings, totally not professional and we had about 130,000 user base so our voice had value and they spent a couple weeks with their Engineers and fixed it.
 
You are correct that you could possibly correct all of the errors on this system and it is possible that our program still may not work properly for you. I also agree that reinstalling Windows to make a $25 program work is not something I'd be doing either. However I would certainly fix broken items if someone told me about them, but that's me, and if it didn't work then I'd either wait for a future update or move on. We have over 60 million users of the program and if you have as much experience as you say I'm sure you can review the forum or search Google and compare the number of complaints to 60 million users and any knowledgeable person can see that it's not a "glaring" bug that affects everyone, but we have admitted that there are a few bugs that do affect some rare cases, and those should be corrected in the next release. If your computer is one of those cases then external fixes, repairs would not correct it.
 
If you want or need further assistance I'm more than happy to try and assist - if you're looking for a sounding board or a debate then I'm sorry I don't care to participate in any debate.
 
Thank you again
 
Ron

[tjmcguire]

Ron,

 

Thank you for being a straight shooter and putting me in my place, so to speak. Very rough week and I apologize for my previous post, which was born out of stress while waiting to hear about a new position with a new company. Now that I've found out I got it, things could not be better and I wanted to make sure I apologized!

 

So, as to the issue? It comes and goes unfortunately, with no intervention from myself. Currently as I type this, the issue has happened again, while last night, it was fine. I am going to go through and start removing programs I no longer use, scrubbing out remnants of poorly uninstalled programs, etc. from my computer. I have two weeks off till I start the new job and it's a perfect time to get my system back in line! Hell I may even reload it as you suggested.

 

Once I have my system turned around, and if I am still having an issue, I will reach out at that time.

 

Thank you and again, my apologies for coming off like an ass.

 

Todd