Jump to content

Recommended Posts

What's with the MBAM service sending data every few minutes to this two addresses? It's about 100kb of data in approximately 5 minutes.

It started today although usage and threat statistic has been turned off. It's a bit annoying as it slows down internet.



Link to post
Share on other sites
  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

It's likely traffic from the cloud component in Malwarebytes which is a part of the new heuristics/Machine Learning/anomaly detection engine which was added to Malwarebytes 3 a while back.  You may find the information in this support article to be of use.  Also, at least as far as I know, the amazonaws and cloudfront addresses are both parts of the CDNs (Content Delivery Networks) used by Malwarebytes for hosting databases and program updates and are likely also the same systems/servers/connections used for the cloud components I mentioned.  That's just my hypothesis though, so someone from the staff may need to respond with more detail/confirmation.

Link to post
Share on other sites

You're welcome :)

Nope, since you disabled telemetry, the only kind of checking in it should do would be for licensing/subscription validation, database updates, product version updates/upgrades, and of course all the cloud/AI detection stuff I mentioned.

If there's anything else we might assist you with please don't hesitate to ask.


Link to post
Share on other sites
  • Staff

The domains depicted in your screenshot are related to Malwarebytes update checks and license state/key check-ins.

Note that disabling telemetry within the settings will prevent normal usage telemetry from being sent up, but does not suppress certain threat detection telemetry as this is required for normal operation of certain Real-Time Protection components.

Link to post
Share on other sites

It most likely is pretty normal depending on what you're doing at the time since the various protection components will talk to the cloud while doing their work such as the Web Protection component while browsing and the Machine Learning/anomaly detection component I mentioned which will analyze any new/unknown process it doesn't recognize leveraging the cloud to determine if it's malicious and to help train the module/system further for improving its classification/detection capabilities.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.