Jump to content

IP Protection - Suggestions

secret365

By secret365
in Malwarebytes for Windows

 Share

Recommended Posts

  • 2 weeks later...
  • Replies 132
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Sema4

Sema4

Posted
Posted

I for one am getting very close to walking away from MWB because of this new IP block feature, it's a fine idea and I applaud the concept, however it's a royal pain in the....

PLEASE give us a way to stop IP block from starting while you work on the IP exceptions feature.

I restart my system many times a day and each time I do I must then go and disable that troublesome IP block thing so that my computer has access to the sites it needs access to.

There isn't a day goes by where I don't see the message 'malwarebytes has blocked access to the IP xxx.xxx.xxx.xxx' and each time, it's a genuine request for data from a reputable company.

If it was once in a while, it wouldn't irritate so much, but every single day just gets a bit tiresome.

I don't want to uninstall your software but in it's present form, it's bordering on the unusable for me, please do something about it guys.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
PLEASE give us a way to stop IP block from starting while you work on the IP exceptions feature.

Registry Switches for Controlling IP-Blocking in MBAM 1.41

Create the indicated registry value (labeled as key | value) with the indicated data and reboot to enforce the policies below. All of the values are of type DWORD. In order to create a registry value, open the Registry Editor (Start -> Run -> regedit), navigate to the key listed, and then right-click in the right-hand panel and choose New -> DWORD.

1) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | silentipmode

Description: With a DWORD value of 1, the protection module will block and log IPs silently.

2) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | startipdisabled

Description: With a DWORD value of 1, IP blocking will start disabled on reboot, although it can be enabled subsequently.

3) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | disableipblocking

Description: With a DWORD value of 1, IP blocking will be permanently disabled (cannot be toggled).

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

@swagger I was just saying that cause if you are having to restart your computer too many times during the day due to lockups or hardware failure, then perhaps we would have to see whats causing that first before we can blame MBAM.

Also the sites that are getting blocked could be sites he should really not be visiting since they may be infected....

But since its all an unknown at the moment we could only assume....

Link to post
Share on other sites
not shown

not shown

Posted
Posted

I am a paying Anti-Malware customer, and everything about the application makes me happy - except one thing.

I'd like to be able to correct/update IP protection blacklist(s), because some sites that I visit daily are blocked and it becomes annoying over time.

Is there a setting or a file that I am missing? If not, is this feature planned?

Thank you.

I searched the forums before posting.

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted

A whitelist facility is not presently available, no. However, I believe one is slated for a future release.

In the meantime, if you feel an IP is incorrectly blocked, please feel free to report it.

http://www.malwarebytes.org/forums/index.php?showforum=42

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

No this is not currently possible and at this time is still not currently listed as an update but one in the future is a possibility. If there is an update on this we'll be sure to post it and let everyone know.

Thank you.

In case you missed it please take a look at the IP Protection posting.

Link to post
Share on other sites
Sema4

Sema4

Posted
Posted

@MysteryFCM - Thanks for the reply, I did make a post about the first IP that I had trouble with for a product called Weather Clock, apparently the update servers which are based in London, are owned by a Russian and your software considers them bad people, so it blocks the updates, which it does hourly... and to block updates for a piece of paid software is just a nuisance. Posting this IP got me no where, it's still blocked, and so posting the other IP's is just as pointless because I know who they are, what they do, who owns them, etc.

Some of the other more innocuous things that are being blocked are an add on for firefox that I use and some forums that I monitor, but despite these being legitimate sources of information, your software thinks they are hosted on servers that are owned by people with questionable morals and so it blocks access to them. grrrrr.

As I said in my original post, it's a fine idea and I applaud the concept, but at present it's unworkable for me and I'm grateful for a way to disable it in the registry!

@Porthos - Thanks for the info, don't know why I missed that post when I searched... much obliged to you!

@Firefox - with all due respect sir, it's none of your business why I restart my system so often, but I appreciate your reason for asking the question and let me assure you it's not because of lock ups or malware. For the record, I didn't 'blame' MBAM for anything, I just find it's persistent blocking of IP's I require access to, to be troublesome.

@Swandog46 - Thank you for the link.

@AdvancedSetup - All in all, I'm disappointed that white list is not on the cards at present, I understand there are probably technical reasons for this however I hope you can find a way to make it work.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

@ Sema4 ....

I do appreciate your response and respect what it is you do on your computer, the only reason I asked to just to make sure you were hot having other issues that my have been causing your problems. In most cases folks that have to restart many times a day are due to hardware failures or software lockups so I just wanted to rule those out.

I hope they solve your issues and happy surfing....

Not sure if it has been mentioned already in this thread, but have you looked at [iNFO] IP Protection where it talks about how to make some changes to the IP Protection module?

Link to post
Share on other sites
  • 3 weeks later...
delete2end

delete2end

Posted
Posted

I would like to see a log file included inside the application itself listing all the IP addresses that are blocked by the product. Even better, would be something like Peer Guardian where the end user could choose whether or not the IP address should be blocked. I go to a number of websites that are just fine but your product blocks.

Thanks

James

Link to post
Share on other sites
Sema4

Sema4

Posted
Posted
I would like to see a log file included inside the application itself listing all the IP addresses that are blocked by the product. Even better, would be something like Peer Guardian where the end user could choose whether or not the IP address should be blocked. I go to a number of websites that are just fine but your product blocks.

Thanks

James

+1

Link to post
Share on other sites
  • 3 weeks later...
zaphod

zaphod

Posted
Posted

I am usually dealing with this IP and behavior blocking from the other way around (client to server, instead of server to client)...

Also I am making a guess about things here, but if your blocking module has the ability to modify a bitstream, rather than just blocking it with a replacement page, would it not be better on a blocked IP to simply strip out the hostile code, assuming most of the problems can be found inside of <script> and <embed> tags, and showing a "safed" version of the page, like Privoxy or Proxomitron?

IMHO whitelisting is bad, because a baddie only needs to be whitelisted once to cause massive mayhem. Also, if a user misunderstands the power of whitelisting, and gets hammered by something, they could blame Malwarebytes as being ineffective. So, I would also think in order to bypass a block, that the software should report back to Malwarebytes that the user has decided not to trust the software and all implied warranties to license number XXXXX are null and void because they decided they knew better about a blocked address.

Zap :)

Link to post
Share on other sites
Bagby

Bagby

Posted
Posted
We cannot and will not publish the contents of our IP database in plaintext any more than we will publish the rest of our database, because if we did, the malware authors would know exactly whether and how they are being blocked, and would take steps to circumvent it.

(Haven't visited here in a while since happily disabling the IP blocker.)

Are you the good guys, or not? if you believe in evenhanded treatment, fairness, and the like, then you must publish the list of who you're blocking so that those who are innocent and wrongly blocked can find out about it and try to get off your list. If that tells the bad guys, then it tells the bad guys and so what? They will take steps to circumvent it? If you're doing this even halfway right, you're policing that list a couple of times a day anyway, and you've got at least one person assigned full-time to maintaining it. You have an absolute duty to assure than any address on it currently belongs on it. You should be several steps ahead of the black hats anyway.

What shocks me is that if one of the black hats DOES move on, the old IP he used to use is still being blocked, now without any justification at all. If you aren't reviewing the list semi-daily, how often ARE you reviewing it? How long WILL it take before that innocent IP gets removed? Will it ever, if nobody finds out you're blocking it and complains to you?

Melodramatic, a couple of you have called the complaint? It may not be dramatic enough. Once you're on MBAM's list, you're guilty until proven innocent, and you can't even find out that you're on the list -- MBAM's not forthright enough to say, "We're blocking you because we think you're a malware site".

No, you just get blocked without notice. It may take you months to find that out, and to straighten out the error with MBAM.

(It is the basic idea, not just implementations of it like Blackhole, that is at fault. Blackholing did not WORK, as well as being wrongheaded. Bayesian filtering is far more effective and at least has the potential to learn and to be far more accurate. And the implementation itself is horrendous: If you're guilty, you just move on. You were probably planning to do that anyway; but if you're innocent, you get undeservedly punished until you figure it out and get it fixed. The innocent are treated worse than the guilty.)

How does MBAM propose to make a screwup right? You've blocked someone innocent for months, you were dead wrong about it, and you lacked the fortitude to reveal what you're doing so they could at least find out and try to talk to you about it. You've repeatedly called that IP a malicious site when it never was.You've diverted a chunk of their traffic wrongfully for a long time. That may well have been the difference between success or failure of an innocent web site. And this could easily be for something as simple as a typo or a transposition.

How are you going to make that right? Nevermind legalities, though in a better world they could and should sue your asses off for libel. Let's talk about fundamental fairness, something in the general direction of justice. How are you going to undo the damage, the wrong, the harm you've done to the innocent? Please don't tell me that you think the end justifies the means.

MBAM should abandon the IP blocklist forthwith, and logically and morally unsound.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Unless you work for MBAM, and work behind the scenes, I don't think you actually know what they do and how they do it. I think it is hard to judge what they are doing if all you are doing is assuming what they are doing.

I have read on several threads including this one now, where Rubber Ducky replied, that states they attempt to contact the ISP's and they usually get no response. Also they have the False positive section where you can enter your IP and request it get removed. This removal from what I can see on that thread gets done within the next one to two updates on the definition file, and since they come out about 4 times a day, that would be pretty quickly.

Link to post
Share on other sites
mountaintree16

mountaintree16

Posted
Posted

I second Zaphods post where he says...

Also, if a user misunderstands the power of whitelisting, and gets hammered by something, they could blame Malwarebytes as being ineffective.
Also, if a message with his suggestion or something similar to it in wording was shown somewhere along the line prior to adding the IP address to the block, that would be good. That way someone cannot try and hold Malwarebytes liable for any damage that may occur as a result of un-blocking a malicious IP address :(
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.