
Website Protection log details?


I know we see the Website address or IP in the pop-up, realtime, if Malwarebytes blocks an attempt by my PC to attach.  But it sure would be great to have this info in the logs, too!


From looking at my Protection logs, I can see that from time to time, there is an attempt to connect, which Malwarebytes blocks and logs, obviously, but there's no info as to WHICH site has been blocked!  Or is there, really, and I just don't know where to look?


I'm trying to figure out if the recurring blocks are to the same site or is something else going on.  Scans by Malwarebytes and another piece of software don't show any anomalies, so SOMETHING just lies in wait and attempts to connect, on some unknown schedule.


I do see that my taskbar menu for Malwarebytes is asking if I should add "www rubyroyalads com" to my Exclusion List, so I'm thinking this must be one of the guilty parties, but I don't see that name in any logs.


Does Malwarebytes in fact log IPs or site addresses, or can I enable it somewhere, if not?


Malwarebytes Home Premium  database version 2015.7.5.4

Windows 7-64 Home Premium SP 1

Intel Core i5-3570K 3.4GHz  16GB RAM



Hello and welcome:


AFAIK, the IP being blocked should be logged in the Protection Log.


Let's see what's going on.
>>First, please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
>>Also, please attach to your next reply as well one of the Protection Logs (as a "*.txt" file, not an "*.xml" file) -- instructions are below.
More info about v2.1.8 HERE
Version 2.1.8 Release History HERE
User Guide ONLINE
User Guide PDF
FAQ: Common Questions, Issues, and their Solutions


How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

  • Open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your scan log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Please attach the saved log to your next reply here in this thread.

Thanks for the reply daledoc1 ... until I get a chance to download and run the diagnostic stuff and get the output up on here, I can attach a copy of the Protection log from the last 24 hours, which clearly shows my interest, entries such as this:


"Protection, 7/5/2015 2:30 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Stopped,"


which tell me something was blocked, I suppose, but not the intended IP or website name.








The protection log you posted shows entirely normal behavior. :)


The "protection stopped" entries just mean that MBAM must -- ever so briefly -- pause its realtime protection in order to refresh/update the databases.

There are 6-15 database updates per day.

So, such pauses are to be expected when using an hourly update check schedule.

As you can see from the time stamps, the pauses are VERY brief.


There are NO IP blocks shown in that log. :)


If you are still concerned about possible malware or something else amiss on the system, please post back with the requested 3 logs.




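One way to check the pauses described in the reply above against an exported text log, as an added example that is not part of the original thread and not Malwarebytes' own tooling: it pairs each "Stopped" entry with the next start entry for the same module, reports pauses longer than a threshold, and sets aside every record that is not a protection state change for manual review. Only the "Stopped" line layout comes from the thread; the "Started" status string, the two-minute threshold and the sample lines are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the layout of the line quoted in the thread.
# The "Started" status and the "Example" record are assumptions for illustration.
SAMPLE_LOG = """\
Protection, 7/5/2015 2:30 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Stopped,
Protection, 7/5/2015 2:30 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Started,
Protection, 7/5/2015 3:31 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Stopped,
Protection, 7/5/2015 4:12 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Started,
Example, 7/5/2015 5:00 AM, SYSTEM, PC764, constructed non-state record,
Protection, 7/5/2015 6:02 AM, SYSTEM, PC764, Protection, Malicious Website Protection, Stopped,
"""


def triage(text, max_pause=timedelta(minutes=2)):
    """Return long pauses, modules left stopped, and records needing review."""
    long_pauses, other, open_stop = [], [], {}
    for raw in text.splitlines():
        line = raw.strip().strip('"').rstrip(",")
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2:
            continue  # blank or unusable line
        try:
            when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M %p")
        except ValueError:
            other.append(raw)  # unknown layout: keep for manual review
            continue
        if fields[0] != "Protection" or len(fields) < 7:
            other.append(raw)  # not a state change, e.g. a block entry
            continue
        module, status = fields[5], fields[6]
        if status == "Stopped":
            open_stop.setdefault(module, when)  # keep the earliest open stop
        elif status == "Started" and module in open_stop:
            gap = when - open_stop.pop(module)
            if gap > max_pause:
                long_pauses.append((module, gap))
        # any other status value is ignored here
    return {
        "long_pauses": long_pauses,
        "unmatched_stops": sorted(open_stop),  # stopped, never seen restarting
        "other": other,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The log timestamps have minute resolution, so a normal update pause shows up as a gap of zero or one minute.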

Thanks!  I see!


I did notice a brief popup about two days ago, so I should go back further and I should find the entry from that one.


Guess I can take it from here ...I sure feel better knowing those aren't repeating attach attempts!  AND that the website info will be saved in the logs ...the popup goes so fast that I can't react with my screen capture fast enough ...


Best Regards,





If the notification from a few days ago only happened once, and you are not seeing frequent blocks (especially outgoing and when no browsers are open), then it sounds as if MBAM was doing its job.


As long as you have notifications enabled in the general settings, you can change the duration of the popup from 3 to 15 seconds (see screenshot).

But, again, such blocks should be logged in the protection logs, as well.


And again, if you are concerned about possible malware on the system, we would need to see those 3 diagnostic logs, for starters.

If they point to something, then we would direct you to a different area of the forum for more help.


Thanks again,



Darn, I didn't even see that in the settings! About having control of the popup time ...I'll change that right now.


BY THE WAY, I did go back to the time that I remembered seeing the popups and SURE ENOUGH, the software that I started running at that time was the guilty party!  The logs certainly do have the website info and the name of the software attempting the attachment! Love it!


The company selling that software absolutely denies any possibility of what I saw.  I suppose they'll say the PROOF is bogus, too.  Obviously, behind the scenes, they'll be happy to get this info, but it'll be interesting to see their response.


Thanks again!

