IP blocking specific to one user account


I am running MBAM Premium on Windows 10 Home.

On March 29, MBAM logged the following:

   <record severity="debug" vendor="Trojan.Injector" LoggingEventType="0" datetime="2016-03-29T09:04:34.272474-04:00" source="Protection" type="Detection" username="Jen" systemname="HP-2009" last_modified_tag="17a213e7-39c6-4a9d-aeab-87d650095260" subtype="Malware Protection" action="Quarantine" filename="C:\ProgramData\querc-1\querc-6.exe" hash="8cfb098494056dc91bba73a6d1318b75" malwaretype="File" message=""></record>
 

Shortly thereafter, this user account became unable to access the Bank of America website.  Each attempt to reach the site via Chrome results in:

   <record severity="debug" LoggingEventType="0" direction="Outbound" datetime="2016-03-29T09:25:42.797213-04:00" domain="" source="Protection" ip="31.184.234.21" type="Detection" port="52485" username="SYSTEM" process="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" systemname="HP-2009" last_modified_tag="96796cca-7147-4edd-a2d3-bf99c72d6d00" subtype="Malicious Website Protection" malwaretype="IP"></record>
 

Curiously, all of the other three user accounts on this machine have no problem accessing the BoA website.

Also curiously, I installed MBAE free trial just this weekend (April 9), and the user account with the issue was subsequently unable to open Chrome at all.  The other user accounts - no problem.  Upon browsing the MBAE forums regarding the inability to open Chrome, I can state that we are not using Trusteer Rapport.  Following some recommendations provided in the MBAE forum, I disabled OS bypass ROP protection for Chrome, and Advanced Memory / Malicious Return Address for Chrome.  This enabled the user to open Chrome.  However, still getting the MBAM outbound block on 31.184.234.21 when trying to access the Bank of America website.

 
