Jump to content

Malwarebytes' Anti-Malware version 1.40 released

RubbeR DuckY

By RubbeR DuckY
in Malwarebytes News

Recommended Posts

  • Root Admin
RubbeR DuckY

RubbeR DuckY

Posted
  • Root Admin
Posted

Malwarebytes' Anti-Malware version 1.40 has been released. IP blocking module implemented.

The IP blocking module enhances the Malwarebytes' Anti-Malware protection module by tremendously improving protection. When a user attempts to visit a website that is infected, the IP blocking module quickly kicks in to block the connection and alert the user. This IP blocking module is updated every time the database is updated to include the latest IP ranges that should be blocked. It also provides us with an advantage as it blocks malicious software that has not yet been released, which allows us to be proactive and not reactive.

We hope all of our customers feel much safer now that this has been implemented!

See here for more information.

Link to post
centralkong

centralkong

Posted
Posted
Nice!! (y)

Is "IP blocking module" visible?

So far, the only place where I could find a reference to the new feature is in the tray icon: Activate protection, IP Protection, and then the usual ones.

Btw, what is exactly this new module? How does it protect us? I couldn't find anywhere where to config this feature in MBAM..

Link to post
catscomputer

catscomputer

Posted
Posted

Hi all. I updated to version 1.40 today, and I've just read that this new version contains an IP blocking module. I'm guessing this new IP blocking feature only available for paid users? I am a free user and I have looked through each tab on my MBAM user interface, and I'm unable to see anything that relates to this feature. I do not have a tray icon for MBAM, just an icon on my desktop.

Thanks.

Link to post
catscomputer

catscomputer

Posted
Posted
Hi all. I updated to version 1.40 today, and I've just read that this new version contains an IP blocking module. I'm guessing this new IP blocking feature only available for paid users? I am a free user and I have looked through each tab on my MBAM user interface, and I'm unable to see anything that relates to this feature. I do not have a tray icon for MBAM, just an icon on my desktop.

Thanks.

Scratch that - I just saw a link to here: http://malwarebytes.besttechie.net/2009/08...re-ip-blocking/ in a post in the False Positive part of the forum, and I see it is indeed for paid users only. Case closed! :)

Link to post
dlb

dlb

Posted
Posted

Some more info about this IP blocker would be nice. My PC was just idling with the Firefox/Google home page open, and I looked over at my PC (I wasn't using it and hadn't used it in over an hour) and noticed the "Infected IP Blocked" balloon along with an IP address. I didn't make a note of the IP address, and I should have. I clicked on the balloon thinking I'd get more info. Nothing happened, the balloon closed, and that was it. Does MBAM create a log of these blocked IPs? How do we get more info about which IPs are blocked and why? How is an IP address determined to bad? How does MB decide if an IP address is bad or not? It seems that there has already been a "false positive" on the blocked IPs (read the posts above). If a particular site happens to host some stuff that MB considers "bad", but some stuff that's "OK", where is the line drawn here? If I (we) could get answers to these questions, I (we) would greatly appreciate it. Thanks.

Link to post
  • Staff
TeMerc

TeMerc

Posted
  • Staff
Posted
Some more info about this IP blocker would be nice. My PC was just idling with the Firefox/Google home page open, and I looked over at my PC (I wasn't using it and hadn't used it in over an hour) and noticed the "Infected IP Blocked" balloon along with an IP address. I didn't make a note of the IP address, and I should have. I clicked on the balloon thinking I'd get more info. Nothing happened, the balloon closed, and that was it. Does MBAM create a log of these blocked IPs? How do we get more info about which IPs are blocked and why? How is an IP address determined to bad? How does MB decide if an IP address is bad or not? It seems that there has already been a "false positive" on the blocked IPs (read the posts above). If a particular site happens to host some stuff that MB considers "bad", but some stuff that's "OK", where is the line drawn here? If I (we) could get answers to these questions, I (we) would greatly appreciate it. Thanks.
We research each and every IP which is submitted or discovered by our research team or by independent researchers. We determine what type of activity is there and how much activity by other sites on the IP range. In some cases we cannot block an entire range we try to block the specific IPs we can.

Sites are blocked only if they exhibit malicious activity or run exploits, pretty much the same thing. Phishing sites are not added. They tend to open and clsoe so fast it's almost pointless to try and track them.

Sites are checked 24\7 for continued activity and if sites no longer are actively malicious then they are removed from the databse.

False\positives are a fact of life in the security business and every single tool produces them. What separates the good from the bad apps are how quickly they are corrected.

Hope that's helpful.

Link to post
PaulAuckNZ

PaulAuckNZ

Posted
Posted

Umm even tho Mbam now works with 64 bit (the protection module), the start with windows option does not, by the looks of it. Tick this, and the protection module, it looks like mbamgui runs (after a reboot), but the icon for it doesnt appear in the taskbar. Kill mbamgui in task manager. The icon for Mbam, then appears for 1/2 a sec and disappears.

Link to post
dlb

dlb

Posted
Posted
We research each and every IP which is submitted or discovered by our research team or by independent researchers. We determine what type of activity is there and how much activity by other sites on the IP range. In some cases we cannot block an entire range we try to block the specific IPs we can.

Sites are blocked only if they exhibit malicious activity or run exploits, pretty much the same thing. Phishing sites are not added. They tend to open and clsoe so fast it's almost pointless to try and track them.

Sites are checked 24\7 for continued activity and if sites no longer are actively malicious then they are removed from the databse.

False\positives are a fact of life in the security business and every single tool produces them. What separates the good from the bad apps are how quickly they are corrected.

Hope that's helpful.

Yup! That's very informative. Thank you. From what I can tell, MBAM does not log the blocked IPs to any type of list or file. This should implemented in a future update or MBAM release. I think other users would find it helpful if MBAM logged all the IPs blocked by the new blocking module.

Anyway- thanks again for the prompt answer, and thanks for maintaining the best anti-malware program currently available!

Link to post
  • Staff
TeMerc

TeMerc

Posted
  • Staff
Posted
Yup! That's very informative. Thank you. From what I can tell, MBAM does not log the blocked IPs to any type of list or file. This should implemented in a future update or MBAM release. I think other users would find it helpful if MBAM logged all the IPs blocked by the new blocking module.

Anyway- thanks again for the prompt answer, and thanks for maintaining the best anti-malware program currently available!

IP logging is a very touchy subject and I doubt it's something we would implement. Too many privacy issues. The blocking works off an internal list which can be added to or have IPs removed at each update.
Link to post
exile360

exile360

Posted
Posted
Umm even tho Mbam now works with 64 bit (the protection module), the start with windows option does not, by the looks of it. Tick this, and the protection module, it looks like mbamgui runs (after a reboot), but the icon for it doesnt appear in the taskbar. Kill mbamgui in task manager. The icon for Mbam, then appears for 1/2 a sec and disappears.

Hi Paul ;) .

Please save your ID and Key info and follow the instructions here to see if that fixes the problem you're having. If not, then I'd recommend you contact the helpdesk at support@malwarebytes.org with your Cleverbridge info from the reciept or send a personal message to one of the forum moderators to get assistance, they should be able to get the protection module starting and working properly for you.

Link to post
PaulAuckNZ

PaulAuckNZ

Posted
Posted
Hi Paul :) .

Please save your ID and Key info and follow the instructions here to see if that fixes the problem you're having. If not, then I'd recommend you contact the helpdesk at support@malwarebytes.org with your Cleverbridge info from the reciept or send a personal message to one of the forum moderators to get assistance, they should be able to get the protection module starting and working properly for you.

Cool will check it out, the module is fine, its the start with windows option that doesnt work. The IP option seems to work (well it stays ticked that is)

Link to post
  • Staff
TeMerc

TeMerc

Posted
  • Staff
Posted

IP logging is a very touchy subject and I doubt it's something we would implement. Too many privacy issues. The blocking works off an internal list which can be added to or have IPs removed at each update.
I was corrected about one thing, we do log the IPs that were blocked, but not the IPs that users visit which is what I was thinking was brought up
Link to post
Guest
This topic is now closed to further replies.
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.