Malwarebytes just started to block 255.255.255.255:17500 for the Dropbox process.

I think that Dropbox uses that port to find out other hosts in the local network to sync faster.

Edit to add: the exclusion rules should allow for a single app connecting to a single address, not completely whitelisting an app (which is unsafe).

 

Edited by Anarelion

I got the same for Dropbox, and svchost.exe port 68.

I will add though, that the exclusion and notification management in MBAM is sub-par compared to even Windows Defender. It's basically all or nothing, which I don't like either.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 11:26 AM
Log File: c0f29f4a-ce28-11e7-8831-00ff80c6259a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 11:28 AM
Log File: ed5852d2-ce28-11e7-ab95-00ff80c6259a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [17500]
Type: Outbound
File: C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe



(end)

 

Edited by Phoenix84

Me too

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:39 PM
Log File: 85f91cc8-ce2a-11e7-af3e-e06995b1b05c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 10 (Build 14393.1884)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [17500]
Type: Outbound
File: C:\Users\Meni\AppData\Roaming\Dropbox\bin\Dropbox.exe

(end)


I'll add one more log to the mix. I'm getting the Dropbox block on port 17500 but also getting blocked on port 63618 when my Canon scanner software reaches out to the network to get status from my wireless printer/scanner/fax.

It looks to me like it's blocking based on an attempt by anything to broadcast to the network and not any specific application. Once I get a few minutes I'll do some more specific digging and see if I can trigger it myself and eliminate the application aspect.

-- logs --

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:43 PM
Log File: 0aec44f0-ce2b-11e7-9cab-305a3a589034.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 255.255.255.255
Port: [63618]
Type: Outbound
File: C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(end)


The svchost port 68 is a particular problem, because that's the DHCP broadcast.

If MBAM blocks it, you may lose internet connectivity (due to IP renew failure).

It might be a good idea to add an exception for that process ASAP, in case the devs don't push out an update fast enough.

Edited by Phoenix84
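The comparison made in the posts above (unrelated programs all blocked on the same broadcast address), as an added example that is not part of any forum post or of Malwarebytes itself: it parses the "-Website Data-" fields of pasted logs and groups the blocks by destination. The sample text is constructed from the logs in this thread, and the function names and the `suspect_rule` heuristic are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the "-Website Data-" fields of three logs posted in this thread.
SAMPLE = r"""-Website Data-
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe
-Website Data-
IP Address: 255.255.255.255
Port: [17500]
Type: Outbound
File: C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
-Website Data-
IP Address: 255.255.255.255
Port: [63618]
Type: Outbound
File: C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
"""

FIELD = re.compile(r"^(IP Address|Port|Type|File):[ \t]*\[?(.*?)\]?[ \t]*$", re.M)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")  # never routed off the LAN

def parse_events(text):
    """Return one dict per '-Website Data-' block of a pasted protection log."""
    events = []
    for chunk in text.split("-Website Data-")[1:]:
        f = dict(FIELD.findall(chunk))
        events.append({"ip": ipaddress.ip_address(f["IP Address"]), "port": int(f["Port"]),
                       "direction": f["Type"], "process": f["File"].rsplit("\\", 1)[-1]})
    return events

def triage(events):
    """Group blocks by destination address. Heuristic assumed by this example: unrelated
    processes all blocked on the limited broadcast address implicate the block rule."""
    by_dest = {}
    for e in events:
        by_dest.setdefault(str(e["ip"]), []).append(e)
    report = {}
    for dest, evs in by_dest.items():
        procs = sorted({e["process"] for e in evs})
        report[dest] = {"processes": procs,
                        "ports": sorted({e["port"] for e in evs}),
                        "suspect_rule": evs[0]["ip"] == LIMITED_BROADCAST and len(procs) > 1}
    return report

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```

A single process blocked on a routable address leaves `suspect_rule` false, so the flag only fires on the pattern reported in this thread.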

Yes, I exited Dropbox and that stopped the dropbox.exe messages.  But now...on a lower frequency...I get a message that reads:


Website blocked
IP Address: 255.255.255.255
Port: 68
Type: Outbound
File: C:\Windows\System32\svchost.exe

Admittedly, that is not too helpful...But Dropbox.exe is not the only thing being affected.

Edited by Bruttium

I have the same problem. It just started about 5 minutes ago. It gives me a "website blocked" message every 10 seconds. It does not stop. It is for IP address 255.255.255.255 and it identifies dropbox.exe, and it alternates between port 17500 and port 68, and it is outbound. I have had Dropbox and Malwarebytes Premium for years without any problems. I wonder if dropbox.exe has gotten hacked. I don't want to exclude dropbox.exe just in case it has been attacked and modified.


This is the second widespread false positive within a week. I've experienced many false positives like this; it's really getting annoying. Not only that, hundreds or thousands of people who don't know to look at this forum are probably freaking out that they have a virus or don't know what to do. I feel like once the update goes out, people affected by it should get a notification like "what you saw was a false positive, no need to worry!" etc.

 

Edit: pressed update, issue seems to be fixed.

Edited by taintedbloop

5 minutes ago, Bruttium said:

I just opened up Malwarebytes and clicked on "Updates: Current" under Scan Status, and *something* downloaded...

That seemed to have done the trick, thanks for posting.

I wanted to whitelist dropbox but I feared it might be a real hack and I'd end up with ransomware in my brain...

