rgam

Sphinx-software Windows 10 Firewall Control

Starting sometime >24hrs ago, Malwarebytes has been popping up, blocking connections being made by software I've used for some years - Windows 10 Firewall Control - attempting to contact the developer's website sphinx-software.com. MBAM is reporting trojan IP address 198.38.82.127 (shared hosting/Mocha hdq CA/USA).

When I got around to asking nslookup about sphinx-software.com, I got back a 127.0.x.x address (= LAN no internet server).

So, maybe this is a real hack/takeover or something I'm thinking.... Then, even later, sphinx-software.com starts coming up with a different IP on every inquiry - such as 52.219.32.114,  which appears to be Amazon/AWS in Singapore and there's a website up that mentions Vietnam, but nothing about Sphinx-software products.

If anyone is using Windows 10 Firewall Control by Sphinx-software, which does enhance the ability to control what things have access to internet/local net, apparently the software itself has a 'phone-home' portion, and home is no longer what it was. My suggestion is to either stop using it, or re-define sphinx-software.com to something you have control over (i.e., one of your own servers, or a loopback/non-existent ip address....)

 

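An added illustration, not part of any post in this thread and not Sphinx or Malwarebytes code: the first post describes a vendor hostname that first returned a loopback answer and then a different address on every lookup, which is the kind of change a small resolution check can flag. The baseline, timestamps and addresses below are constructed sample values (documentation ranges plus loopback), and `classify` and `review` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: a hypothetical known-good address and a resolution
# history in query order. Addresses are documentation ranges plus loopback,
# not the addresses reported in the thread.
BASELINE = {"192.0.2.10"}
OBSERVED = [
    ("2024-01-01T08:00", ["192.0.2.10"]),
    ("2024-01-01T10:00", ["127.0.0.1"]),
    ("2024-01-01T12:00", ["198.51.100.7"]),
    ("2024-01-01T12:05", ["203.0.113.44"]),
    ("2024-01-01T12:10", ["198.51.100.93"]),
]

# Ranges a public vendor hostname should never resolve to.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]


def classify(answers, baseline):
    """Return the reasons one DNS answer set looks wrong (empty list = fine)."""
    reasons = []
    for text in answers:
        ip = ipaddress.ip_address(text)
        if any(ip in net for net in LOCAL_NETS):
            reasons.append(f"{ip}: local/loopback answer for a public name")
        elif text not in baseline:
            reasons.append(f"{ip}: not in known-good baseline")
    return reasons


def review(observations, baseline, rotate_threshold=3):
    """Flag each bad answer, then summarise rotation across the history."""
    findings, strangers = [], set()
    for when, answers in observations:
        findings += [(when, r) for r in classify(answers, baseline)]
        strangers.update(a for a in answers if a not in baseline)
    if len(strangers) >= rotate_threshold:
        findings.append(("summary", f"{len(strangers)} distinct unknown "
                         "answers: resolution is rotating"))
    return findings


if __name__ == "__main__":
    for when, reason in review(OBSERVED, BASELINE):
        print(when, reason)
```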

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

How to attach a file:

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


This is just one tiny example of the huge issues ahead of all of us as the number of internet-connected devices, all containing software that does things that haven't really been disclosed to us [oh, maybe there's some fine print in 50 pages of legal stuff that all of us are supposed to read for everything we install to understand these things], come back to bite. Why does software like Windows Firewall 10 need to phone home every couple hours? And what does it say when it's doing it? And, if the owner doesn't renew the domain, any bad actor can take it over? What about your IP doorbell, camera, refrigerator, tv, car.............

Even when designed in USA or Europe, most of the devices we use are made in China or its neighbors with software written in Asia by people who have unknown ethics about what's fair game to collect.

We are getting to the point (with smartphones) where a few big tech companies are amassing every detail of our lives. Where we go, who we contact, what we're interested in, and more. And, government-sponsored actors that want that info, want to be able to manipulate that info, and want to be able to destroy the entire infrastructure that we take for granted.

Sure glad I'm not young.  


Greetings,

I'm also using Windows 10 Firewall Control (on Windows 7 here).  I've been using it for years.  I currently have the free version installed and haven't observed it phoning home or any web blocks from Malwarebytes, though that could be due to the fact that I'm running it on Windows 7 or due to the fact that it's the free version rather than one of the paid versions.  Hopefully whatever is going on gets cleared up soon.  I found references to releases from them as recent as June 29th of this year so I assume they're still in business.  It's probably just a matter of them needing to renew their lease for their domain/site and it's probably just a parked domain for the time being which would explain why it rotates between different IPs (since parked domains will often pull different content/ads etc. from the hosting provider in order to generate ad revenue from the domains they own that are not currently in use by any customers).  Malwarebytes blocks many of these parked domains/ads for obvious reasons so I assume that's the reason for the IP blocks.

Anyway, thanks for the heads-up and hopefully Sphinx will get their site back online soon.


I just found a conversation with the developers on a support site for the software from a couple days ago and they verified their licensing servers are still online.  Not sure what's going on with the main site, but they appear to still be active so I suspect they'll get this situation resolved soon but I'll be keeping an eye on it in the meantime.

Again, thanks for the info about this issue.


OK, I'm back with news.  I just tried for like the 10th time to reach their site and was finally able to do so.  Their page looks normal with all the same info it always had so I suspect the issue is now resolved.  I'll go ahead and report the web block to the Malwarebytes web Research team to see about removing the block assuming it shouldn't be there.

Thanks again for bringing this to our attention :) 


Thank you for the updates.

I am using Win7 & did purchase a license. Part of the reason I like the product is it provides a really easy, and pretty sure way of blocking any new software installed from accessing the Internet (or even LAN) without explicitly granting the software the permission to do so.

Try that with Windows/Windows Advanced Firewall - nearly impossible and highly complicated to add any exclusions.

Why do so many software packages 'phone home'? I think the answer is - because they can.  The data that they can potentially receive from our computers/devices is staggering, and modern civilization has failed miserably at understanding and controlling this out-of-control data grab by businesses that are motivated primarily by profit $.  So, in this instance, the software enabling me to otherwise control what can and can't use the net itself uses the net for its own unknown transfer of info.


My guess is that it's probably checking in with their licensing server, but I don't know for certain.  That's just my guess as I haven't seen the free version which I use phoning home at all (I received no blocks while Malwarebytes was blocking their servers).
