Persistent Incoming ip block

[MAP]

I was plagued with multiple incoming IP block messages. After reading some of the suggested solutions, which included downloading software packages, I decided upon a different approach.

 

(I am using Symantec End Point as an antivirus unmanaged.)

 

I went to the Malware protection log and did an IP trace of the IP addresses…there were multiple entries for the same IPs.

 

I then did a Whois for the area (Russia, Ukrane, Netherlands and Spain) and got the IP block associated with the IPs and the slash. Since I do not do business with any of these countries, I went into my edn Point firewall and blocked the IP blocks.

 

The problem persisted even after blocking the IPs in the firewall…it appears that Malwarebytes was intercepting the intrusion before the IP got to the firewall.

 

I then uninstalled Malwarebytes and restarted my computer. After restart, I ran a full scan with endpoint…no problems were found.

 

I then re-installed Malwarebytes and restarted my machine again. After restart, I ran a full scan with Malwarebytes…no problems detected.

 

After do this, the persistent incoming IP blocked occurrences stopped. I repeated the process for all of my servers and work stations.

From time to time I do get a message of an IP blockage but such attempted intrusions are now manageable. I check the protection log each day and do a firewall block for that IP block and it now appears that the IPs are getting blocked before Malwarebytes can detect recurring intrusions from the newly added firewall IP blockages.

 

I have absolutely no rational as to why this worked, I only know that it worked for me and I did not have to download any additional software.

 

Smiles

[yardbird]

@ MAP - Please read & follow the post thats below mine by daledoc1.... thank you

_____________________________________________________

 

Hi Map!  If you have the business Malwarebytes? you may want to go to this link: https://support.malwarebytes.org/customer/portal/emails/new?b_id=6442

 

                Please post back and let us know?  regards. 

[daledoc1]

Hi:
 

Welcome.

 

EDIT: OOPS! I'm sorry, @yardbird. I didn't notice you were posting the "short" version, while I was still typing the "longer" one.

 

INCOMING IP blocks are not always a sign of malware.
But normally they would be blocked by one's router or firewall.

What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?

 

>>>You posted in the MBAM-Business section (and you are running SEP), so I just want to be sure: is this a business/work computer???
 
If so, you might want to log a ticket via email at the Business Help Desk.
They can assist you with scanning the system for malware and any needed cleanup.
 
Alternatively OR if this is a home/personal computer, I suggest that you might want to follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst over in the malware removal section will assist you with looking into your issue.

(The malware removal forum is geared to home users. If this is a business system, some of the volunteer malware experts may send you to the Business Help Desk.)

 

Thanks,