Jump to content

Website Exclusions Not Working

deanb1234

By deanb1234
in Malwarebytes Nebula

 Share

Recommended Posts

KDawg

KDawg

Posted
Posted

I have research investigating the block to determine if this is still hosting malicious Phishing content.

If you are sure you trust this site and would like to exclude from being blocked further please use the following as a website exclusion.

*.ftpsllc.com

I have replicated the block in a test environment and was able to resolve with this exclusion.

Please let me know if you still have trouble with this in place.

Link to post
Share on other sites
deanb1234

deanb1234

Posted
  • Author
Posted

Thanks Kevin.  I put the exception in just as you said 2 hours ago and it's still blocking it.  This is happening on a few sites on multiple computers.  Korean users are unable to get to www.trusbill.or.kr.  I've excluded it multiple different ways, including *.trusbill.or.kr and nothing.  The exclusions were working and then a few days ago they stopped. 

image.thumb.png.a37a726bf18a7d9d4f6773a172779eee.png

Link to post
Share on other sites
deanb1234

deanb1234

Posted
  • Author
Posted

There was another thread on the same issue and the person was able to use IP addresses and that solved the issue, but unfortunately that doesn't work for my environment.  The sites are still being blocked.

Also that's not a valid solution if a site is load balanced and has multiple random IP's.

Link to post
Share on other sites
  • 2 weeks later...
deanb1234

deanb1234

Posted
  • Author
Posted

Yep,  I even put all of the machines in a group with Web Protection disabled and now their getting an error message about exploit protection blocking an exploit.  Also while working with Ron on the server issue he saw in the logs that web protection was still trying to turn on even though the policy was disabled.

This is happening to ALL the machines in Korea, but not on a test machine here in the states.

image.thumb.png.20f2c13128f836fffbecba9c58d530db.png

Link to post
Share on other sites
djacobson

djacobson

Posted
Posted (edited)

Ohhh, exploit hit, ok, that's something different. Alright, stay with Ron on the server issue, your machine not receiving or processing their policies correctly is something that will need to be in the hands of dev, I imagine he's getting that going for you already?

For the exploit hit, I'll need some logs off a machine in question. Open an elevated CMD prompt as admin. Change the directory to C:\Program Files\Malwarebytes Endpoint Agent

  • cd C:\Program Files\Malwarebytes Endpoint Agent

Once there, run this command

  • MBCloudEA.exe –diag

That will create a folder on the desktop called MBDiagnostics. Send this zipped folder back to us.

Edited by djacobson
Link to post
Share on other sites
deanb1234

deanb1234

Posted
  • Author
Posted

Thanks Dylan!

I've sent these instructions over to our International IT to reach the Korean office.  

What's really strange is that my test machine is able to access the site fine, but the entire Korean office is blocked from accessing it.  It will either throw the website block if web protection is enabled or the exploit block if it's disabled.  Very strange.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept