Jump to content

Recommended Posts

Why does MBAM Premium trial version classify the BlockSite add-on is a PUP? Is that add-on really harmful or is MBAM being overcautious?

 

I asked MBAM tech support. I got a reply from a joker named Maurice who sent me pages of irrelevant copy-pasted blabber, among other things suggesting that I download and install and run a certain diagnostic tool. That is ludicrous. All I wanted was an answer to a simple question: is the Firefox add-on named BlockSite harmful or not?

 

Link to post
Share on other sites

Hi, @Wolborg:

 

In addition to @1PW's suggestion...

 

While we wait for input from a staff member, it would help to know:

 

1) Are you referring to BlockSite, BlockSite Plus, or another, similarly named Firefox extension????

 

2) It might also help if you could please attach a TXT version of the MBAM scan showing the detection to your next reply in this thread (let us know if you need help finding, exporting or attaching the txt file).

 

Also, there is more information about PUPs here: What are the 'PUP' detections, are they threats, and should they be deleted?

If you have a file (PUP or other executable or file) that you think is being falsely detected as a PUP, then there is a special forum section reserved for reporting this.

If you wish to do so, I suggest starting with the instructions here and here.

Then, you may wish to submit the requested information here.

 

Thank you,

 

P.S. As for post editing, because of prior abuse, new members are not permitted to edit their forum posts.

Link to post
Share on other sites

Thank you.

 

I meant this one:

https://addons.mozilla.org/en-US/firefox/addon/blocksite/

I didn't even know about BlockSite Plus. I'll check it out. Thank you for the tip.

 

Here is the MBAM scan log:

 

----------------------------------------

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 28/02/2016

Scan Time: 3:35

Logfile: mbam scan 2016-02-28.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.02.27.03

Rootkit Database: v2016.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: User

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 384233

Time Elapsed: 7 min, 9 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 10

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\defaults\preferences, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF, No Action By User, [edc212530990a1950fdaee10738fb14f],

 

Files: 47

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome.manifest, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\install.rdf, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\authentication.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSite.jsm, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteAdvanced.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteEditWebsite.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteOverlay.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSitePrefs.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\BlockSiteSetWebsite.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\config_special.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\convert2RegExp.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\hex_sha256.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\md5.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteBlack.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\SetWebsiteWhite.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.css, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.html, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\special_thanks.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\tooltip.css, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\translate.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\Usage.xul, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wips.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\wipstats.js, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\agree_continue.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\bodybg.jpg, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\context-icon.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\dont_help.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon32.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\icon48.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\logo_settings.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\mrwips.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\content\img\question_mark14.png, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.dtd, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\BlockSite.properties, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\en-US\contents.rdf, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.dtd, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\BlockSite.properties, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\chrome\locale\nl-NL\contents.rdf, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\manifest.mf, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.rsa, No Action By User, [edc212530990a1950fdaee10738fb14f],

PUP.Optional.BlockSite, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cpfdj5xd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}\META-INF\mozilla.sf, No Action By User, [edc212530990a1950fdaee10738fb14f],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

----------------------------------------

Link to post
Share on other sites

  • 1 year later...

This thread is more than a year old, but I can inform that Malwarebytes is still detecting the Firefox addon BlockSite as a PUP.... And it is unfortunately not easy to exclude BlockSite from detection. In Malwarebytes there are no options for the quarantined entries to be excluded in the future, thus first you must MANUALLY write down the long and complicated folder path so you can go to the exclusions tab and add the folder. Then you can try to go back to the Quarantine section and select the entries for BlockSite and click  "restore". However even that is a hassle because Malwarebytes requires a reboot before the entries can be restored....

Its also weird that these entries are auto-quarantied when I have selected that Malwarebytes should only Warn me....

 

2017-04-10 02_40_02-BlockSite (Firefox add-on) - File Detections - Malwarebytes Forums.png

2017-04-10 02_41_18-Start.png

Edited by jayman1000
Link to post
Share on other sites

7 hours ago, dcollins said:

@jayman1000 in regards to excluding a file, if you uncheck the file from the list of files to be removed and then click Next, MB3 will ask what you want to do with those files. One option is "ignore always" which adds it to the exclusion list.

No this does not happen with the auto-quarantine. As I mentioned I have set Malwarebytes to warn me upon finding PUP's but still there is auto-quarantining happening. And in that quarantine list there is no option to select the items for exclusion; you can only chose to Restore the entries or Delete them. Restore just restores them, no option to exclude in the future. The exclusion option that you mention is only something that is available upon a scan. But when a program perceived as a PUP by Malwarebytes executes its files Malwarebytes seemingly detects it, Im guessing as part of the real-time protection process and quarantines it without asking or warning first.

Dont believe I posted screenshot of my setting for auto-quarantining, but as you can see here, it should be disabled.

2017-04-11 01_50_00-Skype.png

Edited by jayman1000
Link to post
Share on other sites

1 minute ago, dcollins said:

My apologies, I missed the part where this was during an auto-execution. As of now, the only way to exclude those files is to type the path manually, but we are looking at better alternatives in the future

That is good to hear; tedious manual work should be optional ;)

Link to post
Share on other sites

  • 1 year later...

Hi swanny2070 and welcome back to the Malwarebytes support forums.

This time around the PUP.Optional is no longer a False Positive.

On the 27thJuly 2018 Mozilla blacklisted the extension for the following reason -> "Violations of the data collection policies"

https://bugzilla.mozilla.org/show_bug.cgi?id=1478731

If Mozilla are blacklisting the extension then it would definitely be considered Potentially Unwanted Program.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.