Jump to content

cdn.onesignal.com message about PUP


Recommended Posts

I am using Malwarebyes version 3.7.1.2839 (component ver: 1.0.563 / update ver 1.0.10110) and keep getting a

message from MWB that it is blocking a PUP. I get this message using either the latest versions Chrome or Firefox.

These message only show up when on certain sites like CNN.com

I read in another thread that an update about this has been pushed out but I am still getting this messages and MWB

shows with a Current update status.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Just as an aside, I am not getting any block on the main front page pcmag.com

Be real sure that you do a Update run on the Dashboard screen of Malwarebytes.  Be very sure it is all up to date.

If you still get a block notice, close all web browsers, then Exit out of Malwarebytes.   Restart it after a bit, then restart the browser.

My understanding is that there was a false positive in the past day or so;  but should have been cleared up via a database update.

If you still get a block notice, it would be great to have the full URL link.

Thanks,

Link to post
Share on other sites

Hello,

I have been having the same problem with this notification on my local news and weather website (weau.com) The problem started last night and has lasted throughout the day today. It pops up whenever I update the site to check the current weather situation (we are having a storm in our area). This is a trusted website and has never given me problems before. This is the information from the latest notification that I have received:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/11/19
Protection Event Time: 7:19 PM
Log File: a5304fb2-5cb8-11e9-9b99-64510642656f.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10118
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: cdn.onesignal.com
IP Address: 104.16.204.165
Port: [58105]
Type: Outbound
File: C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

(end)

Link to post
Share on other sites

Greetings,

It appears that these sites are likely using a push notification advertising service and that is the reason for the blocks.  I say this because I visited cdn.onesignal.com and among the items listed on their homepage was this entry:

push.png.3772bb8f9b2c6aa0a38c3b15e88ebbe3.png

So in this case, Malwarebytes is doing what it was intended to do by blocking annoying ads like this as push notifications can be particularly persistent and irritating and can pop up even when you aren't visiting the site where you originally came across it, basically any time your browser is opened.  You can learn more about these types of ads/notifications and why they are blocked in this Malwarebytes Labs blog entry.

If you're using Chrome (or any other Chromium based browser such as SRWare Iron, Vivaldi or the recently released Microsoft Edge beta based on Chromium) or Mozilla Firefox then you may install the Malwarebytes browser extension beta as it blocks many advertisements, trackers (to protect privacy), clickbait sites, phishing sites and tech support scams as well as the same malicious sites blocked by the Web Protection component in Malwarebytes Premium, however it also includes behavior based blocking for several categories of known malicious sites to go beyond the blacklist blocking method used by the Web Protection component.  The two work very well together and the browser extension adds blocking for several categories of sites not normally blocked by the Web Protection component (such as clickbait sites and the tracking servers I mentioned, among others).  It is currently available for free and you may easily remove it if you decide that it doesn't suit your needs.  You may learn more about the browser extension and find out where to download it at the following links:

Chrome
Firefox

Anyway, I hope this helps to clarify why you're seeing those blocks.  Many sites have been turning to more aggressive advertisers that use such tactics as many users these days have ad blockers installed which block standard ads and these types of ads are far more persistent and difficult to avoid, and this is why Malwarebytes targets and blocks them.

Link to post
Share on other sites

By the way, just FYI, I came across the following threads regarding this site:

It appears the block has been removed from the Malwarebytes database for the time being, however some users have reported that they needed to restart their browsers after updating Malwarebytes for the blocks to stop occurring.  It is also possible that you may need to clear your DNS cache and temp files in your browser to eliminate the caching which may also be triggering the repeated blocks.  To do so you may either use the built in settings in your web browser(s) or use a tool such as CCleaner (if you require instructions on how to use CCleaner let us know and we can provide them) and that should eliminate the blocks.

Link to post
Share on other sites

Thank you for the replies. I do have an ad blocker installed already ( I could see if it has had an update) and have cleared out all of the temp files and caches. I will close everything down and restart to see if that stops the notification from popping up as well.  Otherwise I have one more question. Do you recommend that I stop using internet explorer for good and go to chrome? I don't happen to like chrome but I have been told that internet explorer is not really supported anymore or just has too many problems in the past.  

Link to post
Share on other sites

I still use IE11 on a regular basis myself (in fact, that's the browser I use here on the forums and typed this reply in).  As long as it is still being patched I will likely continue to use it.  It's the fastest and lightest of the 4 browsers I use by far (I also use SRware Iron which is based on Chromium, just without Google's embedded telemetry/adware/tracking, Firefox, and on very rare occasions Google Chrome).  It doesn't have the same level of plugin support as the others, however I've found that certain capabilities it includes are far more robust and user friendly including the ability to fully control cookies so that I get prompted for every site that tries to save cookies on my system and can allow once, block once, allow always or block always cookies for each site and its pop-up blocker is second to none when cranked up to its maximum setting (I've tested it on some very shady sites full of nasty pop-up ads and the like, and while it doesn't always get every one blocked, it does far better than both Chrome and Firefox even when their pop-up blockers are on max).  It also has very robust security settings if you dig into it including features like Protected Mode, SmartScreen Filter, ActiveX filtering etc.

It also benefits from the Exploit Protection provided by Malwarebytes the same as the other browsers which helps to make it far more secure.

That said, obviously the Malwarebytes browser extension isn't compatible with it so that is definitely one downside (though the new Chromium based Edge browser should be as I mentioned earlier).

I'm pretty paranoid when it comes to security though, so I may take more extreme measures to secure my systems and browsers than most folks so for me there is little risk in running a browser like IE.  That said, given the fact that Chrome is now the most widely used popular browser these days, it is actually targeted by the bad guys/malware/exploits far more frequently than IE is which is a major shift from how things used to be.

I believe that as long as you keep Malwarebytes active and up to date and keep Windows patched then you should be fine using IE for as long as it is still supported and being updated by Microsoft.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.