0xKubo

Too many requests from Malwarebytes for websites added to exclusion list


Hi there,

Just noticed some behavior from Malwarebytes that I think should be reviewed and would like some explanation for this...

Every website added to the exclusion list has constant DNS requests to the excluded site. Why? I don't understand why this is needed and would like to get some clarification.

The way I see it, Malwarebytes is doing URL filtering to protect us from bad/phishing websites. For excluded sites, you just need to compare the URL being accessed with the URL in the exclusion list, a simple string comparison. I can't think of a single reason why you are constantly making a DNS request to every single excluded website in my exclusions list.

I don't want to give up the "Web Protection" from Malwarebytes, but this behavior is not acceptable for me.

Looking forward to hearing back from the Malwarebytes team.


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


I mean, look at these requests in under 30 mins:

[Image: screenshot attached to the post]

This is too much...


Hello,

This is expected behaviour in the current version of Malwarebytes. When an exclusion is made on a domain, we query it every 2 minutes to check if the associated IP address has changed or not. This is to ensure we do not block it in case it has changed.

Many users are unfamiliar with DNS and when they enter in an exclusion to Malwarebytes, they expect that exclusion to work at all times.

With that said, I can certainly appreciate why the frequency seems excessive and will be bringing this up further with the product team.

8 hours ago, LiquidTension said:

When an exclusion is made on a domain, we query it every 2 minutes to check if the associated IP address has changed or not. This is to ensure we do not block it in case it has changed.

I'm confused, can you please explain this a bit more and why exactly does the IP address need to be checked?

16 hours ago, 0xKubo said:

I'm confused, can you please explain this a bit more and why exactly does the IP address need to be checked?

When we add a new item to the Web Protection database, the block can be placed on a domain name, IP address or both.

If an exclusion is placed on a domain name (such as the exclusion you've configured for free.appnee[.]com), we need to ensure we also do not block the IP address that the domain maps to - otherwise, the website will be inaccessible. The frequent querying is done to check if the IP address that the excluded domain maps to has changed. If it has, we can still ensure the IP address is not blocked. Unfortunately, we cannot wait for the DNS query that is performed when the user attempts to visit the website, so we must do this in advance to ensure the excluded website is accessible to the user at all times.

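The mechanism described in the two staff replies above, as an added example that is not part of the original thread and is not Malwarebytes code: a constructed Python model of a filter that blocks by domain and by IP, showing why a name comparison alone does not keep an excluded site reachable and what the periodic lookup buys. The class, function names, domain and addresses are hypothetical; the 120-second interval is the one stated in the thread.

```python
REFRESH_SECONDS = 120  # the "every 2 minutes" interval stated in the thread

class WebFilter:
    """Hypothetical filter that blocks by domain name and by IP address."""

    def __init__(self, blocked_domains, blocked_ips, resolver):
        self.blocked_domains = set(blocked_domains)
        self.blocked_ips = set(blocked_ips)
        self.resolver = resolver   # callable: domain -> iterable of IP strings
        self.excluded = {}         # excluded domain -> IPs seen at last lookup
        self.last_refresh = None

    def exclude(self, domain, now):
        self.excluded[domain] = set(self.resolver(domain))
        if self.last_refresh is None:
            self.last_refresh = now

    def refresh(self, now):
        """Re-resolve every excluded domain; return the number of DNS queries made."""
        if self.last_refresh is not None and now - self.last_refresh < REFRESH_SECONDS:
            return 0
        for domain in self.excluded:
            self.excluded[domain] = set(self.resolver(domain))
        self.last_refresh = now
        return len(self.excluded)

    def allow_domain(self, domain):
        # Name-level check: a string comparison against the exclusion list suffices.
        return domain in self.excluded or domain not in self.blocked_domains

    def allow_ip(self, ip):
        # IP-level check: no hostname is visible here, only the cached mapping.
        excluded_ips = set().union(*self.excluded.values())
        return ip in excluded_ips or ip not in self.blocked_ips

def demo():
    dns = {"excluded.example": {"203.0.113.10"}}          # constructed DNS data
    f = WebFilter({"excluded.example"}, {"203.0.113.10", "203.0.113.20"},
                  lambda name: dns[name])
    f.exclude("excluded.example", now=0)
    seen = [f.allow_domain("excluded.example"), f.allow_ip("203.0.113.10")]
    dns["excluded.example"] = {"203.0.113.20"}            # site moves to a blocked IP
    f.refresh(now=60)                                     # interval not yet elapsed
    seen.append(f.allow_ip("203.0.113.20"))               # stale mapping: blocked
    queries = f.refresh(now=120)                          # interval elapsed
    seen.append(f.allow_ip("203.0.113.20"))               # mapping current: allowed
    return seen, queries
```

In this model every excluded domain costs one lookup per interval whether or not the user visits it, which is the query volume the original poster observed.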

Greetings,

This issue may be resolved by the new beta build of Malwarebytes, version 3.8. You can learn more about it here.

If you decide you wish to give the beta a try, then please open Malwarebytes, navigate to Settings>Application and scroll to the bottom of the tab, where it shows the option to enable beta updates. Select the option to do so and click Yes at the confirmation prompt. Then scroll back to the top of the same tab, click on the Install Application Updates button and allow it to download and install the new build, allowing it to restart your system if prompted to do so once the installation completes. Make sure that you save anything you were working on before you do.

If you do try the beta, please let us know if it resolved the issue you were experiencing or not.

Thanks


This behaviour is still present in version 3.8.1. We are currently looking into different methods to achieve the same goal without the frequent DNS queries.

