
IP Protection



When I first started to notice the IP blocks I didn't think much of them..since they surfaced while I was running a file sharing client..

Now that the feature had been implemented in Malwarebytes for a while I'd like to make some requests..

I want to know 2 things..

Who the IP address belongs to & ideally why it was blocked..

And what process on my local machine is attempting the connection..

Unreasonable?


How are you! Please see this post for an answer to your question: http://www.malwarebytes.org/forums/index.php?showtopic=21076

EDIT: If the IP is blocked, it is a malicious IP address.. and as for who it belongs to, you would have to do a search on that, for example on this site: http://www.projecthoneypot.org/search_ip.php

Post back if you have any comments or questions.... regards..


Thank you for your reply :-)

In my opinion..identifying what process attempted to make contact would be instrumental in helping capable users detect local rogue applications..

Where do I find the IP Protection logs?

Vista users

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

XP Users

%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Note: %AllUsersProfile% refers to the location of the "All Users" Windows profile, and is usually C:\Documents and Settings\All Users\

--- Will these Logs tell me the process attempting to access the blocked IPs?

What does this notification mean?

It simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address.

--- This is just great..What I'd like to know is what browser..IM..P2P..attempted to access a malicious IP address


Thank you for your reply :-)

In my opinion..identifying what process attempted to make contact would be instrumental in helping capable users detect local rogue applications..

--- Will these Logs tell me the process attempting to access the blocked IPs?

--- This is just great..What I'd like to know is what browser..IM..P2P..attempted to access a malicious IP address

Well, you know where the logs are, and one will be created each time you boot up, in a plain txt file. It will log the IP addresses.

Will these Logs tell me the process attempting to access the blocked IPs?
If I read this right, it might be for the developer team to explain it?

Whatever browser you use, if you land on a malicious website, (I never use IM) it will flag as IP Block.. I hope this helps...


No, the logs will not tell you what process tried to access the IPs, unfortunately. That would be more the job of a software firewall to serve such a function, something that Malwarebytes' Anti-Malware isn't.

Thank you exile360! I had to think about that one for a second...regards..


To clarify, the IP Protection facility cannot currently tell you what process is attempting to connect to the IP being blocked, as the API used does not provide that information on XP, only on Vista/Windows 7. You'd be best off using a firewall to determine what is connecting to where.

As far as who owns the IP, you can use the following site (note: the site is run by me) to determine this, and in most cases, it will also tell you why it's blocked (just pop the IP into the search box on the site);

http://hosts-file.net


Alright..it's been made pretty clear the blocking is its own function..separate from Why Where & What..

It's also been made apparent those functions are not currently implemented..& from the sound of it..will never be..

If I started to use a software firewall..I would move to using that exclusively..but I don't like things like ZoneAlarm..

Why & Where aren't nearly as important to me as What either..

Thanks for talking shop all the same :-)


  • Staff

Yes, I can give you the Why though. The sites being blocked are known to host malware, meaning MBAM is protecting you from potential infection by cutting it off at the source. While this can prevent say, a new trojan from getting onto your system, it can also block a trojan that's already present on the system from phoning home, potentially at least. It doesn't identify the program communicating, but even a software firewall wouldn't do you any good in most such scenarios anyway, given that the majority of modern trojans are injected into legitimate processes and hidden using rootkit technology, so likely all you'd see as the process name in the log if MBAM did tell you what program it was would be something like svchost.exe which you certainly don't want to delete.
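As an added example (not part of the original thread, and not Malwarebytes code): one way to get the "what process" answer the thread asks about is to match blocked IPs against the output of `netstat -ano` and `tasklist /fo csv /nh`. The sample outputs, the IP addresses and the `p2pclient.exe` name are constructed for illustration; shared host processes such as svchost.exe are flagged rather than treated as the culprit, following the caveat in the post above.

```python
import csv
import io

# Constructed `netstat -ano` output (documentation-range addresses, not a real capture).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     203.0.113.45:80        SYN_SENT        1184
  TCP    192.168.1.10:49720     198.51.100.7:443       ESTABLISHED     2960
  TCP    192.168.1.10:49731     203.0.113.99:6881      ESTABLISHED     3412
  UDP    0.0.0.0:500            *:*                                    884
"""
# Constructed `tasklist /fo csv /nh` output.
TASKLIST_CSV = '''\
"svchost.exe","884","Services","0","4,120 K"
"svchost.exe","1184","Services","0","18,764 K"
"firefox.exe","2960","Console","1","210,332 K"
"p2pclient.exe","3412","Console","1","45,008 K"
'''
BLOCKED_IPS = {"203.0.113.45", "203.0.113.99"}  # constructed; use IPs from the protection log
# Processes that run other components' code: the image name alone proves nothing.
SHARED_HOSTS = {"svchost.exe", "rundll32.exe", "dllhost.exe"}

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def attribute_blocked(netstat_text, tasklist_csv, blocked):
    """Return one finding per TCP connection whose remote IP is in `blocked`."""
    names = pid_names(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; headers and UDP rows (no State) are skipped.
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        host, _, port = f[2].rpartition(":")   # also handles [ipv6]:port
        remote_ip = host.strip("[]")
        if remote_ip not in blocked:
            continue
        pid = int(f[4])
        image = names.get(pid, "<exited>")     # process may be gone by now
        findings.append({"remote": remote_ip, "port": int(port), "state": f[3],
                         "pid": pid, "image": image,
                         "shared_host": image.lower() in SHARED_HOSTS})
    return findings
```

`netstat` only shows connections that exist at the moment it runs, so a blocked attempt has to be caught while it is still retrying; a finding with `shared_host` set calls for looking at what is loaded inside that PID, not at the executable itself.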
