Jump to content

IP Protection - Suggestions

secret365

By secret365
in Malwarebytes for Windows

 Share

Recommended Posts

  • Replies 132
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

secret365

secret365

Posted
  • Author
Posted
Greetings :) .

It does have a log file, it's located here:

"%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\logs"

It's a log file for the Protection Module, including any IP's that were blocked by it.

Thanks for the reply. :)

May I know how often must the user do maintenance (the number of files will keep growing)?

It will be better if listed in the GUI.

Link to post
Share on other sites
Falkra

Falkra

Posted
Posted

The team is working on the IP blocking feature. As any new feature, the first release is always the one that gives most work.

The warning isn't ridiculous though, considered globally.

Link to post
Share on other sites
deny

deny

Posted
Posted
The team is working on the IP blocking feature. As any new feature, the first release is always the one that gives most work.

The warning isn't ridiculous though, considered globally.

If Malwarebytes pop-up prompt with Infection Detected: 88.214.226.32 (or with any other IP address) then any average user will scare and ask what's wrong here? Infection or not?

I think that giving such a warning with Infection Detected without providing any information;s is ridiculous. Probably most adequate will be possible threat from IP address xxx.xxx.xxx..xxx detected. IP address is on black list because of ... but Infection detected (in this situation false positive) does not make any sense.

Link to post
Share on other sites
mailman

mailman

Posted
Posted
I'm still wonder what is wrong with IP address 88.214.226.32 from UK.

I also am wondering. :)

The hpHosts database says this about IP 88.214.226.32:

Sites resolving to 88.214.226.32 were NOT found in our database

I suggest you head over to the False Positives forum and follow the instructions in this link to report about that IP. :)

Thank you all for remaining patient while we work out any kinks in our brand new IP blocking module. If you find any false positives with the new module, please kindly create a new post with the IP address as the title. Also, please indicate what you were attempting to do on the site so that we can reproduce it.

Thank you for your cooperation and we hope you enjoy the extra protection!

For example, it would probably be helpful for them if you explain about your "seoquake.com legitimate add on to Firefox" (perhaps even with a link to the add on that apparently triggers the alert) so they can further verify its legitimacy and they can reporoduce your annoying situation.

Link to post
Share on other sites
Conundrum87

Conundrum87

Posted
Posted

I've seen that others have had problems with the IP Protection blocking and sometimes indicating continous Infection Messages. I've done this with other security software and have been quiet successful in eliminating any fake or false positives. I can only guess that the same program that protects you from visiting dangerous sites, also is responsible for detecting temporary internet files from dangerous sites.

Instructions:

(1) Open Internet Explorer

(2) Select Tools

(3) Select Internet Options

(4) Open Browsing History

Options Available:

- Delete Temporary Internet Files: These files are usually saved to help expediate reloading of the site the next time you visit.

- Delete Cookies: These files are saved from the sites you visit. Computers send packages back and forth, unfortunately these can add up if you collect alot from sites you never visit more then once.

- Delete History: This is a memory of sites you've visited, it appears in the URL bar when you being to type.

(5) Delete your Temporary Internet Files

Hope this was helpful. I hardly receive reports any more from the IP Protection, and every time I clear it they stop.

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted
If Malwarebytes pop-up prompt with Infection Detected: 88.214.226.32 (or with any other IP address) then any average user will scare and ask what's wrong here? Infection or not?

I think that giving such a warning with Infection Detected without providing any information;s is ridiculous. Probably most adequate will be possible threat from IP address xxx.xxx.xxx..xxx detected. IP address is on black list because of ... but Infection detected (in this situation false positive) does not make any sense.

There may be nothing wrong with the add-on, but that IP address is on an IP range associated with the Russian Business Network, which is why it's blocked.

Contrary to it's location, the IP range is Ukranian/Russian controlled, NOT UK controlled.

http://hphosts.blogspot.com/2009/05/interf...n-blackhat.html

Link to post
Share on other sites
Blottedisk

Blottedisk

Posted
Posted
How about including in the log file what application was trying to access the website, or the application that generated the block.

I competely agree with you, Firefox. Including this information would be most handy, as it could show trojan activity on the OP

Link to post
Share on other sites
  • 2 weeks later...
ncr100

ncr100

Posted
Posted

Vote +1 for Whitelist.

I know it's in the works but at this point I must disable IP Blocking until whitelisting is available; the implementation is too heavy handed for my uses.

How can I add an IP so it won't be detected and can access a site I need to?

As of right now, we do not have an option to add exclusions, but we're working on adding it in future versions. (from http://www.malwarebytes.org/forums/index.p...howtopic=21076)

Link to post
Share on other sites
Amethyst

Amethyst

Posted
Posted

I've seen many posts on this forum about the 'annoying popup', but I have yet to see a single one on either of my 2 computers since I upgraded from the free version to the paid for version, and I DO have it enabled. I don't know if the members of this household are just incredibly lucky or not. :)

What I would like to be able to do is safely test my IP protection to see if it is, in fact, working. Could you developers maybe set up a dummy page like that so we could test? Or do you already have one?

Does the balloon stay there until someone clicks on it to close? Like maybe if the computer tried to contact a malicious site when there was no one using the computer, it would be nice to know if something like that was going on. There's a log? OK, I'll see if I can figure out where that is. Would be nice to access it from the program interface.

Thanks, folks. I appreciate all your work on this software!

Link to post
Share on other sites
swagger

swagger

Posted
Posted

Amethyst,

I like your idea of setting up a dummy page to test that the IP Protection module is working properly. Not sure if this is feasible but if it is, it sounds like a great idea!

As far as the popups go, when I get home from work, my monitor is on standby. When it wakes, 75% of the time, there is a popup in the system tray waiting for me. If I click on another application windows like mIRC or Firefox, the popup goes away on it's own. Take a look at this thread and it gives you pretty much everything you would want to know about the IP Protection feature including where to find the logs.

I hope this helps

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.