Jump to content
pinkish

Exclusions not working

Recommended Posts

Hello,

I have attached a screenshot of a website I excluded and still gets blocked. Malwarebytes Exclusions don't work for websites, but also for applications. I have an application allowed that still gets blocked, but I figured maybe the app has addons or something that I don't know about.

But when it comes to websites, it should be straighforward. Still, Exclusions don't work. What to do?

MBS.png

Share this post


Link to post
Share on other sites

Greetings,

I'm sorry that exclusions aren't working properly for you.  First off, please try excluding the IP address of one of the servers to see if that works.  It's possible that we're continuing to block because of a particular sub-domain which we're not excluding completely on one or more of the servers you're attempting to access.

With regards to the application exclusions, which protection components are you trying to exclude them from and are they being detected by a particular realtime protection component, by scans, or by both?

I'd like to get all of the problems you're having with exclusions resolved if possible so if you are willing, I'd like to work on both the web exclusions issue and the application exclusions issue as they are potentially related.

Also, for the purpose of diagnosing (and hopefully resolving) the issue, would you please run our MB-Check.exe diagnostic tool located here and attach the log, which should be created on the desktop of the endpoint in question, to your next reply?

Thanks

Share this post


Link to post
Share on other sites

Hello and thank you for your fast reply. The problem with the domain blocking I've also discussed in another topic and the log is there:

https://forums.malwarebytes.com/topic/212699-livescorecom/

About the application: I use AceStream from AceStream.org and it connects to a lot of IPs when I watch a sports video stream. The only problem I have is that the Web Protection module starts blocking IPs every 2 seconds, probably thinking it's an attack on the computer or something. So I just disable the Web Protection for the duration of the live event.

I excluded the application exe files and also the whole folder, it doesn't work. But since I don't watch live events all the time, I didn't report it. But the problem with the websites (like www.livescore.com) persists even when they are listed in the exclusions and I don't understand why.

It looks like excluding the IP works, so I've excluded the IPs for the website and its CDN:

46.51.195.125
54.246.159.106
91.121.58.83

And it works! So instead of URLs I will try and block IPs in the future.

Also, I did the MB-Check and attached the result. Thank you.

mb-check-results.zip

Share this post


Link to post
Share on other sites

I see, thanks for the additional info.  I'm glad excluding the IPs worked for you so at least now you can get to those domains with web protection active.

With regards to ace_engine.exe, it appears to be excluded from our ransomware protection but not web protection.  If you would, please delete that exclusion and attempt to create it again, this time making certain that you select Exclude an Application that Connects to the Internet and that should prevent it from being blocked from connecting to any websites/servers which might be contained in any of our blacklists.

Please give that a try and let me know how it goes.

Thanks

Share this post


Link to post
Share on other sites

We added exclusions for registry (homepage, screensaver etc) and used wild card. They still get tagged and quarantined. Frustrating.

 

Share this post


Link to post
Share on other sites

If you post or pm a capture of the block we can create an exclusion that should be able to work for you

Share this post


Link to post
Share on other sites
On 10/16/2017 at 2:54 AM, exile360 said:

With regards to ace_engine.exe, it appears to be excluded from our ransomware protection but not web protection.  If you would, please delete that exclusion and attempt to create it again, this time making certain that you select Exclude an Application that Connects to the Internet and that should prevent it from being blocked from connecting to any websites/servers which might be contained in any of our blacklists.

Please give that a try and let me know how it goes.

I did just that and removed all entries for ACE-related exe's and re-added them and I think it's OK now. I've done a little testing, but will do more in the future. Also, I added some more exe files to the list of excluded file. See attached.

Thanks for your help, thanks everyone, I hope this problem never rises again!

ace-exes.png

Share this post


Link to post
Share on other sites

Excellent, yes, those exclusions look correct.  Notice how they're now listed as "Application Web Process" under Exclusion Type.  This means that those processes will no longer be subject to being blocked/filtered by our web blocking protection component.  That's exactly what you need if you wish to allow a process to freely connect to any servers without incurring any blocks from our web block list (especially useful for P2P apps that are known to connect to multiple servers such as Torrent downloaders, Skype and similar apps which user peer-to-peer technology).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.