Jump to content

Not getting notifications when blocking webs

Xauma95
 Share
Go to solution Solved by dcollins,

Recommended Posts

  • Replies 111
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Xauma95

Xauma95

Posted
  • Author
Posted
Just now, Xauma95 said:

now i don't know if im fully protected because eset online scanner found 2 JS/Adware.Agent.AA on my firefox cache, and neither my mbam or avast detected it, even doing a manual scan of the file didn't detected as adware and i have all settings enabled

also hitman pro detected 2 boxore.ou on my registry that mbam or avast didn't detected

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
2 minutes ago, exile360 said:

It's possible that the detection is an FP or that the scripts were never allowed to execute (if they don't run, they're harmless).  I would suggest submitting them to Research for analysis so that they can confirm their contents.

Yeah maybe FP, my bad for deleting it, now i can't send those threats to Research, but if I found them again how can i sent them to research?

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
5 minutes ago, exile360 said:

You can submit it in a new topic here and you can also submit the site it came from here for analysis.  Just be sure to follow the guidelines and instructions in the pinned topics in each area to make sure they have all the info they need.

okey thanks, still waiting to solve my issue with mbam notifications but they said that they are investigating it

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
18 hours ago, dcollins said:

I'm back and still chugging away at this issue. While I was away, we released a new update that had some Web Protection enhancements. Can you please go to Settings -> Application and click Install Application Updates to get the latest version and see if this helps at all?

I've tried first no notifiation with extension enabled, then disabe extension and test with mbam  test web and other web with adds and at first i saw the notification but when i visited the second web with ads and ty again with the mbam test web it was named with the previous blocked add, and with chrome the same but the second try with the mbam test web doesn't show the notification and show the chrome error page. So still having this weird issue and don't know what to do

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted

Thanks. We'll need to try and get a bit more data to understand what's going on here. The key thing we'll need is a Wireshark log of the network traffic. You can get this by doing the following:

  1. Make sure the Extension is disabled in Firefox and Chrome
  2. Download and install Wireshark
  3. Launch Wireshark and have it monitor your connection (double click your network adapter)
  4. A lot of data should start to flow across your screen
  5. Leave Wireshark running, and then reproduce the issue
  6. After reproducing the issue, click the red stop button near the top
  7. Click File -> Save and save the capture somewhere you can easily find it later
  8. Turn off Web Protection
  9. Click the far left button on the toolbar, that looks like a shark fin to start a new capture (everything should erase, and then start filling up again)
  10. Follow the same steps as you did in step 6, but everything should work now
  11. Click the red stop button near the top
  12. Click File -> Save and save the capture next to the one you saved before
  13. Zip up both capture files and private message them to me

I know these are a lot of instructions, but for strange issues like these we unfortunately need a bit more data. Thanks in advance

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
1 hour ago, dcollins said:

Thanks. We'll need to try and get a bit more data to understand what's going on here. The key thing we'll need is a Wireshark log of the network traffic. You can get this by doing the following:

  1. Make sure the Extension is disabled in Firefox and Chrome
  2. Download and install Wireshark
  3. Launch Wireshark and have it monitor your connection (double click your network adapter)
  4. A lot of data should start to flow across your screen
  5. Leave Wireshark running, and then reproduce the issue
  6. After reproducing the issue, click the red stop button near the top
  7. Click File -> Save and save the capture somewhere you can easily find it later
  8. Turn off Web Protection
  9. Click the far left button on the toolbar, that looks like a shark fin to start a new capture (everything should erase, and then start filling up again)
  10. Follow the same steps as you did in step 6, but everything should work now
  11. Click the red stop button near the top
  12. Click File -> Save and save the capture next to the one you saved before
  13. Zip up both capture files and private message them to me

I know these are a lot of instructions, but for strange issues like these we unfortunately need a bit more data. Thanks in advance

Web protection have to be off all the time? sorry it is a little bit confusing

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Like what, you mean the driver etc.?  Yeah, you need the WinPCap driver etc. to be able to capture traffic properly.  If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality.  Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
4 minutes ago, exile360 said:

Like what, you mean the driver etc.?  Yeah, you need the WinPCap driver etc. to be able to capture traffic properly.  If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality.  Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

 

2.PNG

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
11 minutes ago, exile360 said:

Like what, you mean the driver etc.?  Yeah, you need the WinPCap driver etc. to be able to capture traffic properly.  If it's bundled with any toolbars or anything like that then you don't need those, but you do need to install the driver components etc. to get full capture functionality.  Once you're done testing you can remove everything though, and after uninstall if any traces/drivers etc. are left behind you can use a tool like MS Sysinternals Autoruns to remove them.

plugins and extensions are needed?

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
3 minutes ago, exile360 said:

No, probably not.  I thought you were referring to the prompt it displays about WinPcap.  You shouldn't need the plugins, but either way it really doesn't matter as you can remove it once dcollins is done diagnosing the issue.

So i install everything but the plugins and extensions, rigth?

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted

Yep, leave all the defaults when installing Wireshark. First perform the test with Web Protection enabled (if you have the browser extension installed, disable that though). Then do it again, but this time with Web Protection disabled. This allows us to compare the broken state to the non-broken state so we can see what's different.

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted

Yep, we'd like to try a few more tests if you don't mind.

  1. Please start by updating your Malwarebytes database. We had some recent duplicate entries that would cause the issue with the block notification showing the incorrect type of block (Malware vs Fraud vs Riskware, etc). This support article shows how to manually update your database.
  2. Now close all of your web browsers and wait 30 seconds (this clears the internal Malwarebytes cache for notifications).
  3. Open Firefox, and open a Private Window (Menu -> New Private Window)
  4. Now navigate to iptest.malwarebytes.com

Please relay what happens when you navigate to the page

Link to post
Share on other sites
Xauma95

Xauma95

Posted
  • Author
Posted
1 hour ago, dcollins said:

Yep, we'd like to try a few more tests if you don't mind.

  1. Please start by updating your Malwarebytes database. We had some recent duplicate entries that would cause the issue with the block notification showing the incorrect type of block (Malware vs Fraud vs Riskware, etc). This support article shows how to manually update your database.
  2. Now close all of your web browsers and wait 30 seconds (this clears the internal Malwarebytes cache for notifications).
  3. Open Firefox, and open a Private Window (Menu -> New Private Window)
  4. Now navigate to iptest.malwarebytes.com

Please relay what happens when you navigate to the page

I've tried and at the begining it works normal but when i keep trying sometimes no notifications and sometimes notifications named incorrectly, i have some screeshots

Captura.PNG

captura2.png

Captura3.PNG

captura4.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.