Jump to content
barber50701

Website Blocked 255.255.255.255

Recommended Posts

We are getting this across the company - 

Dropbox outbound connections and a ScanSnap outbound connection are being blocked by all of the machines they're installed on.

Attached are the connections being blocked. 

blocked connections.jpg

Share this post


Link to post
Share on other sites

Please update your database this was a brief FP resolved in the latest database

Let us know if issues persist once updated

Share this post


Link to post
Share on other sites
Just now, KDawg said:

Please update your database this was a brief FP resolved in the latest database

Let us know if issues persist once updated

How would I update the database if I'm on Cloud? I already pushed a task for all endpoints to check for updates at 10:19CST and they're still throwing errors. 

Share this post


Link to post
Share on other sites
Just now, barber50701 said:

How do I update the database on the Cloud edition? I thought it was automatic.

Right, that would make sense since it's cloud based...

Share this post


Link to post
Share on other sites

It is you can also push an update command form the Endpoints tab of your cloud console Check the box next to all endpoints and select Actions > "Check for Protection Updates"

Share this post


Link to post
Share on other sites
Just now, KDawg said:

It is you can also push an update command form the Endpoints tab of your cloud console Check the box next to all endpoints and select Actions > "Check for Protection Updates"

I've done that three times since 10am and my colleague did it twice in the 9am hour

Share this post


Link to post
Share on other sites

@alicias Are you still seeing the detection's the last thing I can see in your logs is getting our latest DB update. Do the issues persist on that endpoint, have we seen additional detection's?

Share this post


Link to post
Share on other sites
Just now, KDawg said:

@alicias Are you still seeing the detection's the last thing I can see in your logs is getting our latest DB update. Do the issues persist on that endpoint, have we seen additional detection's?

That user is no longer having an error, and it seems the ScanSnap detections are gone. 

Still getting svchost errors on a couple that don't have Dropbox and Dropbox on one. We're having that user uninstall the desktop client, though. 

Share this post


Link to post
Share on other sites

We are continuing to investigate I really appreciate the logs and updates, we are working to resolve.

Can you please add 255.255.255.255 to your website exclusions list and let us know if the issues persist

 

Share this post


Link to post
Share on other sites

Hi guys,

We are seeing six machines with the dropbox blocked message on 255.255.255.255.

For now we will uninstall Dropbox as it is annoying the end users but what can be done for them to resolve this?

We are using the Malwarebytes Endpoint Protection cloud system. I have pushed an updated ("check for protection updates") and run a scan+quarantine, nothing has changed.

Edited by AlexLeadingEdge

Share this post


Link to post
Share on other sites

Someone from the support team reached out to me this morning and said it's still being worked on. 

I'm still having the issue with ScanSnap

Share this post


Link to post
Share on other sites

We're also seeing this here still.  I added the exclusion back in November.  After reading that this had reportedly been resolved I removed the exclusion this morning.  Systems immediately started reporting the website blockage.  Running Cloud based protection.  Installed the client on a new system to be sure versions are up to date, same issue.  For now I placed the exclusion back.

image.png.9d73404c22b04aa61188364e59ff36e5.png

Share this post


Link to post
Share on other sites

I removed the exclusion for five minutes this morning (just now) and several units are throwing detections. I made sure to update them to the latest database, as well. 

Canon IJ Network Utility, Dropbox, ScanSnap and svchost.exe (still) seem to be the culprits. Though, I hadn't seen Canon throwing the detect alert before. 

@AlexSmith tagging because I know you were looking into this :P

image.thumb.png.a7088acbf21cadb04f0b30e482d57cc8.png

Edited by alicias

Share this post


Link to post
Share on other sites

@alicias I verified with the PM that the bug is still occurring. A fix is currently in testing and he recommends placing a temporary exclusion for 255.255.255.255.

Share this post


Link to post
Share on other sites

We have the fix confirmed, however it is targeted for release on Endpoint Protection soon.


Block should not occur with the exclusion in place.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.