Jump to content

Daily Protection Log showing Detection of Inbound port, but port already blocked by Windows Firewall


Recommended Posts

I have a new PC Windows 8.1 with RealVNC (port 5900). I have Windows Firewall configured to only allow a single IP to connect to that inbound port.

 

But I noticed every other day or so in the Daily Protection Log of MalwareBytes Premium, it showed: Detection, Protection, Malicous Website Protection, IP 89.248.162.228, 5900, Inbound, C:\Program Files\RealVNC\VNC4\winvnc4.exe

 

The IP that is listed in the MB logs is not in my firewall's list of allowed IPs, and should be blocked by the firewall. Does MB run "below" the Windows Firewall? Could it be seeing (and blocking) the incoming connection to 5900 before the Firewall blocks it?

 

thx

Link to post
Share on other sites

That was my first thought as well. But when I disable my "enable" rule in the Windows Firewall for the allowed IPs, then it correctly blocks all attempts to VNC in. When I enable that rule, it correctly allows VNC attempts from only those IPs.

 

That is why I was thinking the only way this could happen was if Malwarebytes blocked connections PRIOR to the windows firewall?

Link to post
Share on other sites

Y'know, I really wouldn't have thought so but I think you're right.

I tried to connect to that IP address, Malwarebytes of course blocked it and redirected to loopback, if it passed windows firewall first it would be logged as an allowed connection, but it isn't, so as far as Windows Firewall is aware, there was never any attempt to connect to the IP at all.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.