Jump to content
TomFace

www.msftncsi.com Blocked

Recommended Posts

Just got this notice window-had 6 occurrence after booting up-I'm not real tech savvy, can anyone tell me about this?

Malicious Website Protection, Domain, 184.86.240.88, www.msftncsi.com, 49167, Outbound, C:\Windows\System32\svchost.exe,
Malicious Website Protection, Domain, 184.86.240.88, www.msftncsi.com, 49167, Outbound, C:\Windows\System32\svchost.exe,
Malicious Website Protection, Domain, 184.86.240.82, www.msftncsi.com, 49168, Outbound, C:\Windows\System32\svchost.exe,
Malicious Website Protection, Domain, 184.86.240.88, www.msftncsi.com, 49184, Outbound, C:\Windows\System32\svchost.exe,
Malicious Website Protection, Domain, 184.86.240.82, www.msftncsi.com, 49185, Outbound, C:\Windows\System32\svchost.exe,
Malicious Website Protection, Domain, 184.86.240.82, www.msftncsi.com, 49168, Outbound, C:\Windows\System32\svchost.exe,

 

Share this post


Link to post
Share on other sites

Hi, same scenario! Just turned PC on and had this happen a handful of times
Malicious Website Protection, Domain, 150.101.152.10, www.msftncsi.com, 49166, Outbound, C:\Windows\System32\svchost.exe

Same website buuut different IP address than the OP, should I be concerned? ;p

Share this post


Link to post
Share on other sites

I cant seem to edit posts, but nevermind about the above, its just Australia's transparent proxy giving me a local mirror >_>
QuzWVVO.png

Edited by Kittens

Share this post


Link to post
Share on other sites

On booting up computer this morning I also had this message pop-up. I tried to go to the site and it is also blocked by malwarebytes.
Is there something new on my PC that I should be worried about or has malwarebytes decided that this site has become hazardous?

 

MBwarn.jpg

Share this post


Link to post
Share on other sites

Same here.  This seems to have started at some point in the last update to MB.

Just started happening when I launch Avira antivirus which launch practically everyday.  I know for a fact (via previous network monitoring) that Avira has always made outbound connections via these IPs which belong to Wave Broadband (my ISP)  and is legit.  The domain msftncsi is unrelated to the actual outbound IP address that is being blocked by MB as with other users accounts in this thread.

 

Detection, 12/23/2016 11:37 PM, SYSTEM, XXXXX, Protection, Malicious Website Protection, Domain, 204.195.95.88, www.msftncsi.com, 64996, Outbound, C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe,
Detection, 12/23/2016 11:37 PM, SYSTEM, XXXXX, Protection, Malicious Website Protection, Domain, 204.195.95.88, www.msftncsi.com, 64996, Outbound, C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe,
Detection, 12/23/2016 11:37 PM, SYSTEM, XXXXX, Protection, Malicious Website Protection, Domain, 204.195.95.82, www.msftncsi.com, 64996, Outbound, C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe,
Detection, 12/23/2016 11:37 PM, SYSTEM, XXXXX, Protection, Malicious Website Protection, Domain, 204.195.95.82, www.msftncsi.com, 64996, Outbound, C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe,

Share this post


Link to post
Share on other sites

I also want to add that this just happened to me as well upon waking up my computer. I want to triple check, is msftncsi a Microsoft website and a normal PC function that is probably being mistakenly blocked and I shouldn't be concerned about this?

Share this post


Link to post
Share on other sites

I have found the solution go to regedit then to  Hkey_Local_Machine\System\CurrentControlSet\services\NlaSvc\Parameters\Internet  and set the value of  EnableActiveProbing to. Then restart the system. :) Hope this helps

Edited by deokastyler

Share this post


Link to post
Share on other sites
2 minutes ago, deokastyler said:

I have found the solution go to regedit then to  Hkey_Local_Machine\System\CurrentControlSet\services\NlaSvc\Parameters\Internet  and set the value of  EnableActiveProbing to. Then restart the system. :) Hope this helps

Set it to 0 I forgot.

Share this post


Link to post
Share on other sites

I keep getting it too. The domain it keeps quoting is 62.252.169.xx (xx changes). This is a Virgin Media IP, not Microsoft. I use Virgin for broadband.

I added msftncsi.com to the domain exclusion list but it hasn't stopped the messages appearing.

Annoying.

Share this post


Link to post
Share on other sites

I'm getting the same here, it seems to happen when I try to update MSE. Seems odd that MBAM needs to block AV updates

Share this post


Link to post
Share on other sites

Hello,

We are looking into this false positive & will be fixing it as soon as possible.

That domain is used by many programs (including malware) to check for internet connectivity so it is not dangerous to exclude it from detections.

Sorry for the inconvenience.

Share this post


Link to post
Share on other sites

The block has been removed. Sorry for the delay.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.