Gezuriya

ANSWERED Web Protection not blocking malicious/phishing websites


I have noticed that any malicious/phishing links that aren't entered via the direct IP address, for example, if you enter 123.456.789.000/malware.exe, it would block it, however if that website was on the domain, exampledomain.com/malware.exe, it will not be blocked.

I have also observed that Malwarebytes for Chrome seems to block sites without any problems, but if I turn off the extension, nothing is blocked, not even Web Protection will block it.


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


Greetings,

There were several known issues with the Web Protection component in the last version of Malwarebytes which have been corrected in the most recent release of Malwarebytes, version 3.8. If you haven't received it already, please update to it by launching Malwarebytes, navigating to Settings > Application and clicking on the Install Application Updates button. Allow it to download and install the new build and restart your system if prompted to do so to complete the installation process, making certain you save anything you were working on prior to doing so.

Once that's complete please test to see if the issue is now resolved.

If you already had version 3.8 installed then please try a clean install to see if that fixes it:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
  3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

Should the issue still persist after that then please do the following so that we may take a closer look at your installation to try and determine the cause:

  1. Run the Malwarebytes Support Tool
  2. Accept the EULA and click the Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Please let us know how it goes, and if necessary please provide the requested ZIP file if the issue still remains.

Thanks


Hi,

It seems that this has not fixed the issue, and it is still occurring.

Please find attached the log file from the support tool.

mbst-grab-results.zip

24 minutes ago, Gezuriya said:

I have also observed that Malwarebytes for Chrome seems to block sites without any problems, but if I turn off the extension, nothing is blocked, not even Web Protection will block it.

Just a note, the browser extensions will block things the Malwarebytes web protection will not.

If you have sites that are not being blocked by the program you can report them here for review. https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

1 minute ago, Porthos said:

Just a note, the browser extensions will block things the Malwarebytes web protection will not.

If you have sites that are not being blocked by the program you can report them here for review. https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

The problem is that the program is not blocking anything apart from direct IP links, so things such as phishing sites are not being blocked by the program at all.

The URLs are being blocked fine by the extension, but upon disabling it, the web protection doesn't block it, even though there are clearly signatures for it as shown by the extension blocking them.

The reason I am reporting this is due to the fact that if someone doesn't know about, or doesn't want to install the extension, or has an unsupported browser, they won't be able to block any malicious or phishing URLs, making the web protection module useless.

6 minutes ago, Gezuriya said:

The URLs are being blocked fine by the extension, but upon disabling it,

I posted the info just to point out the differences in protection with the browser extension and understand you are having other issues.

Your issue will be looked at by staff soon.


Thanks,  I noticed a few entries in your logs which may indicate what the problem could be.  First, I saw traces of COMODO under WFP filters.  WFP is the Windows Filtering Platform which is the same set of APIs used by Web Protection for blocking websites.  If you no longer have any Comodo products installed I would suggest removing the traces if possible.  Running the CIS cleanup tool may help.  The link below provides instructions and downloads for the appropriate version for each version of Windows; you'll want the 64-bit version:

Comodo Internet Security

Additionally, I noted many entries related to various alternate DNS and VPN tools.  If you aren't using any of these tools then they should be uninstalled as one or more of them or a combination thereof may be interfering with Web Protection, particularly given the nature of the issue you report as altered DNS settings as well as a VPN could modify traffic/connections in such a way that Malwarebytes might not recognize blocked sites in its database unless connecting directly to the blocked IP as running your connection through such mechanisms causes Windows/the network stack to report the IP address of the VPN service you are connecting to, not the actual website you are visiting (unless of course you enter the IP address directly).

Additionally, the Malwarebytes browser extension does block many sites that are not blocked by the Web Protection component in Malwarebytes.  They are not identical which is why both exist.  They may be used together, however they do work very differently in how they block sites, especially since the browser extension has the ability to behaviorally block malicious sites not based on their addresses, but based on how the pages behave, enhancing protection from new/unknown malicious sites of many common types (such as phishing, tech support scams etc.).

That said, you can test by disabling the browser extension and trying to visit iptest.malwarebytes.com or by trying to visit it in a browser where the browser extension is not installed (such as Internet Explorer).

There is one other issue I noticed.  Your logs should have included FRST logs, a third party tool that the Malwarebytes Support Tool is supposed to download and run, however they were not present (they should have been within the Other Logs folder), however if the Malwarebytes Support Tool was unable to connect to the web for some reason, this could be the reason why.  It's also possible that something on your system blocked it from running or interfered with it in some way.

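An added example, not part of the original posts and not Malwarebytes code: the staff reply above points to leftover COMODO entries under WFP filters. On Windows, `netsh wfp show filters` (run from an elevated prompt) exports the current filters to an XML file, and the sketch below lists the filters whose name or description mentions a given vendor. The embedded XML is a constructed, simplified sample, and the element names it reads are an assumption about that export's layout.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed, simplified sample shaped like the XML export of
# `netsh wfp show filters`; every name and GUID below is made up.
SAMPLE = """<wfpdiag><filters numItems="3">
<item><filterKey>{00000000-0000-0000-0000-000000000001}</filterKey>
 <displayData><name>COMODO Firewall</name><description>connect hook</description></displayData>
 <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
 <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_IP_PROTOCOL</fieldKey></item></filterCondition>
 <action><type>FWP_ACTION_CALLOUT_TERMINATING</type></action></item>
<item><filterKey>{00000000-0000-0000-0000-000000000002}</filterKey>
 <displayData><name>Stream inspection</name><description>Installed by Comodo driver</description></displayData>
 <layerKey>FWPM_LAYER_STREAM_V4</layerKey>
 <action><type>FWP_ACTION_CALLOUT_TERMINATING</type></action></item>
<item><filterKey>{00000000-0000-0000-0000-000000000003}</filterKey>
 <displayData><name>Web protection block filter</name><description>sample</description></displayData>
 <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
 <action><type>FWP_ACTION_BLOCK</type></action></item>
</filters></wfpdiag>"""

def parse_filters(xml_text):
    """One dict per filter; <item>s nested in filterCondition are skipped."""
    root = ET.fromstring(xml_text)
    return [{"key": it.findtext("filterKey", ""),
             "name": it.findtext("displayData/name", ""),
             "description": it.findtext("displayData/description", ""),
             "layer": it.findtext("layerKey", ""),
             "action": it.findtext("action/type", "")}
            for fl in root.iter("filters") for it in fl.findall("item")]

def vendor_filters(filters, keywords):
    """Filters whose name or description mentions a keyword, ignoring case."""
    kws = [k.lower() for k in keywords]
    return [f for f in filters
            if any(k in f"{f['name']} {f['description']}".lower() for k in kws)]

def layers_touched(filters):
    """Count matching filters per WFP layer."""
    return Counter(f["layer"] for f in filters)

if __name__ == "__main__":
    hits = vendor_filters(parse_filters(SAMPLE), ["comodo"])
    for f in hits:
        print(f["key"], f["name"], f["layer"], f["action"])
    print(dict(layers_touched(hits)))
```

Matches on a real export are candidates for the vendor's own cleanup tool, as the reply suggests, and the layer counts show which part of the connection path the leftover filters sit in.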
Just now, Porthos said:

I posted the info just to point out the differences in protection with the browser extension and understand you are having other issues.

Your issue will be looked at by staff soon.

Hi,

Thanks for getting back to me, I will await further instruction from Staff in regards to this issue.

 


By the way, I also noticed that User Account Control is not configured to its default setting. I would strongly recommend resetting it to defaults as Malwarebytes, like the vast majority of modern software, has been designed to be fully compatible and compliant with UAC, not to mention the security advantages offered by User Account Control. It isn't likely to be the cause of the issue, however it could be why FRST didn't run and may also cause other issues with your system. Instructions on resetting UAC can be found on this page. Those instructions apply to Windows 8 and Windows 7, however they should be quite similar to 10 as well, but if you have trouble finding it please let us know.

13 minutes ago, exile360 said:

By the way, I also noticed that User Account Control is not configured to its default setting. I would strongly recommend resetting it to defaults as Malwarebytes, like the vast majority of modern software, has been designed to be fully compatible and compliant with UAC, not to mention the security advantages offered by User Account Control. It isn't likely to be the cause of the issue, however it could be why FRST didn't run and may also cause other issues with your system. Instructions on resetting UAC can be found on this page. Those instructions apply to Windows 8 and Windows 7, however they should be quite similar to 10 as well, but if you have trouble finding it please let us know.

Hi,

 

I reset UAC to default settings, and successfully removed the Comodo leftovers, and it is now working as intended.

Thanks to both of you for your help.


Excellent, I'm glad to hear it :) 

If there is anything else we might assist you with please don't hesitate to let us know.

Thanks


As this issue is now resolved I will go ahead and close this topic now.

Thank you everyone for the assistance

 

This topic is now closed to further replies.
