Jump to content
IT_Guy

Website Blocked 255.255.255.255

Recommended Posts

Just had an endpoint try to access 255.255.255.255:68 using netsvcs and was blocked.

 

The machine scans clean, any idea why/what this was?

Edited by djacobson
changing topic name back to original

Share this post


Link to post
Share on other sites

I've been seeing the same thing and it came on suddenly, probably around 1700UT. MB is placing the blame on svchost.exe of all things. Anyone else?

Share this post


Link to post
Share on other sites

Yeah a whole bunch of my endpoints JUST started doing this.

 

At least it's not isolated. Hopefully this isn't blocking my machines from getting a DHCP address.

Share this post


Link to post
Share on other sites

Multiple endpoints getting it here.  Most are port 68, one endpoint is port 17500.  Started at 2:20pm.

Share this post


Link to post
Share on other sites
Just now, spnkzss said:

Ditto.  Every machine online right now, and the calls are coming in.

Oh man are they ever, I'm going home until tomorrow.

Share this post


Link to post
Share on other sites

Response from a support engineer at MWB

 

" it is an FP on our side. We are currently working on getting this fixed. You can put that in the exclusion list in the meantime while we get this fixed."

Share this post


Link to post
Share on other sites

So, when I make a change to something, I have a test environment that I deploy it to first.  Then I deploy "global".  It might be a good idea for Malwarebytes to at least consider please.

Share this post


Link to post
Share on other sites

We do regression testing of the signatures before they are pushed, but sometimes you just can't predict how it will be in the wild of the real world. Add the 255.255.255.255 IP to be ignored under your Exclusions -> New -> Website on cloud or your Policy -> your policy -> Edit -> Ignore List in your console.

Share this post


Link to post
Share on other sites

Gotta be honest, I don't know what I'd do without this forum and all you, the community, communicating here. When my phone started ringing from users reporting in, this is the first place I came to and was immediately relieved that we weren't under attack or something.

Thanks all.  Keep it going.

Share this post


Link to post
Share on other sites

Have a user that when they attempt to open a PDF attachment from an outside vendor or try to forward the message they are getting a Malwarebytes blocked message for Outboundconnection (255.255.255.255:68)  I have done a scan on the system and there are no infections.  They have no browsers open, the e-mail is just plain text, yet they get the message.

WO 13662.PNG

Share this post


Link to post
Share on other sites

Hello,

Thank you for the report. This was a false positive that we had on address 255.255.255.255. We have currently fixed this in the latest database. To make sure your clients are on the latest database, please follow these steps:

1. Log into the cloud console and navigate to the endpoints tab.

2. From there, select all the endpoints affected and click on the 'actions' button in the upper right.

3. Select the 'check for protection updates' button and your clients will reach out to our servers to get the latest update.

We do apologize for the inconvenience with this block. If you continue to run into issues, please reply back to this e-mail.

Many Thanks,

Share this post


Link to post
Share on other sites

@TonyCummins, do you have the ignore in place? Also try and give the endpoint communication service a restart. MBEndpointAgent.

You can do a net stop, net start on the service remotely if needed. Let me know if that helps.

Share this post


Link to post
Share on other sites

You're welcome @spnkzss, we're trying! It's also getting easier now that I have more folks tagging in to help me in the biz section. Plus great feedback on the announcement thread request, with all the views on it, it looks to be really helping. 

If any of you guys have other requests for the forum, better ways to help through this medium or things you'd like to see, I'll do my best to make it happen!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.