
Process added to Web Exclusions still blocked



I've added a process, tor, to the web exclusions whitelist, for the purpose of running a relay, but am still getting popups for blocked incoming connections. Whenever I get a notification for a blocked connection, the entry in the whitelist is duplicated. I've tried clearing all exceptions and adding the process again but it does not help.


Hello and welcome:
 
Easy things first: the duplicated listing in the exclusions is a known bug. TBH, I thought this had been fixed with the current build (at least I no longer see it for my Malware Exclusions on my systems). In any event, it is purely cosmetic.
 
As for excluding a browser process as a Web Exclusion, that is a bad idea. From the USER GUIDE:

Add Process
Clicking the Add Process button allows you to exclude a process which would otherwise be blocked from accessing an internet address. Please note that this option is only functional on Windows Vista Service Pack 2, Windows 7, and Windows 8.x. This is typically of value to users who need to access filesharing and/or peer-to-peer applications. On occasion, IP addresses used by these applications may be blacklisted, so that Malwarebytes Website Protection blocks access to the website as a whole. Excluding the IP address makes the user more vulnerable, as would exclusion of the domain (if the website uses a domain name). Excluding the process — providing that the process is not an internet browser — would allow the P2P application to function without increasing risk.

 
It sounds as if the process you are trying to exclude is acting as some sort of P2P process?
If that's the case, then this explains what you are seeing: Why does Malwarebytes Anti-Malware block BitTorrent or other Peer-to-Peer Programs?
Generally, the IP block notifications can be ignored -- they mean that MBAM is doing its job.

 

If there are IPs being blocked by MBAM that you think should not be blocked, then please read this pinned topic >>here<< and then report the requested info in the Website Blocking FP forum section >>here<<.  The researchers will determine if those blocks can or cannot be removed.
 
If you need more help with this, it would assist us to know a bit more about the system.
Please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thanks,


Tor is, in a broad sense, a P2P application. The issue is that the IP addresses blocked are likely on an IP blacklist for being spammers, which is unfortunately what some do while using the TOR network. Given that I am running a relay, I do not care that these IP addresses are spammers and would like to allow them to connect to my computer and allow my computer to connect to them.

 

Since these are likely not false positives, it would not be appropriate to request their removal from Malwarebytes' blocklist.

 

Attached are the 3 generated logs.

Addition.txt

FRST.txt

CheckResults.txt


  • Root Admin

 

Since these are likely not false positives, it would not be appropriate to request their removal from Malwarebytes' blocklist.

I'm sorry, but that is an incorrect assumption, and IP blocks for P2P will not be removed from the product. You should be able to add the TOR program to the exclusion, which may help reduce the amount of blocks, as you say you've done, but for incoming IP blocks you would need to research and add them to the ignore list yourself. Unfortunately, at this time we do not have the granularity to run TOR as you're trying to do it. Though for your purposes it may be reasonably safe, it is not safe for users accessing such sites by web browser or email applications, and thus, as said, these IPs will not be removed.

 

Thank you


Pardon, but you may have misunderstood my previous reply. When I said that they are not false positives, I meant they are known bad IP addresses and should continue to be blocked.

My issue remains that when I add a particular process to the web exclusions list, its incoming and outgoing connections are still checked and blocked when communicating with an IP address on the blacklist. I do not want to disable malicious website protection entirely, as it is still a very useful feature and complements a defense-in-depth approach to securing my computer.


  • Root Admin

We should have an updated beta available within the next couple of weeks, I hope. I would recommend giving that version a try and letting us know if that works better or not. I have my doubts, though, that it will treat TOR properly, and I will submit to our QA Team to see if they can do some testing with it.
