jayman1000

settings-win.data.microsoft.com and bat.bing.com blocked due to malware?


Got these two "blocked due to malware" in Malwarebytes right after each other. Upon inspecting the log in Malwarebytes, it said outbound connection, an IP address and firefox.exe browser (I am using Firefox to browse the internet).

Is there any way to get more info about what caused this? Could it simply be from a site I was visiting? Maybe some content on website may have linked to those pages, like ad or something?

 


Hi.

On the one citing Microsoft, first of all, be sure you do an Update run in Malwarebytes for the latest updates.


Would also like to report something like this. I don't get bat.bing.com but I do get a lot of settings-win.data.microsoft.com. I myself am using Chrome as my browser. It's always the same settings-win.data.microsoft.com as well as the IP address, but the port is constantly changing. All as Website Blocked, but if it's a specific site I don't know which one. When I first noticed, I turned off the website that I was on at the time, but it happened again, and I turned off my browser, but it still happened another 3 times with that settings-win.data.microsoft.com. I will say I started getting them about an hour after I scanned my system, and my system starts a scan at 6:00 pm Central in Texas. First one was at 6:58 pm, the next was at 7:13 pm, next at 7:28 pm, then last at 7:43 pm. If you need anything else for information let me know and I'll see if I can find it.


Hello, just saw your post after I posted mine. I have the newest updates according to Malwarebytes. I'm pretty sure it did an update before it did my scheduled scan at 6:00 pm Central in Texas. Just to double check I did a click to see if it would update again and it says it's current.


As long as the program is current, the false positive block notice should go away.


Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, I know, telemetry - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.

2 minutes ago, Xoanon said:

Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, I know, telemetry - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.

Please run an update and if you still see the blocks then restart the program. 


Although a long-time user, I know very little about security software. I've never had to try to fix anything and for that I am thankful. My Malwarebytes is completely updated.

This morning I installed Dashlane Premium, a password manager. As I have worked with setting this up, I also tested out the included VPN.

Scan reports have shown no threat at all until this evening when I had a website blocked: logs.dashlane.com. Nothing was quarantined. I read in a help file that this problem is when Malwarebytes does an update? Do I need to exclude that link?

That wasn't the only message that popped on the screen. Several messages from Malwarebytes popped up, although I cannot find them anywhere in Malwarebytes now.  I happened to click one and this is what it said:

-Website Data-

Category: Malware

Domain: watson.telemetry.microsoft.com

IP Address: 20.44.86.43

Port: [50224]

Type: Outbound

File: C:\Windows\System32\WerFault.exe

Thank you to any one of you who might advise me.

 

2 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

I only got those two in a row and haven't had any since I posted the thread. Malwarebytes was current for updates all the time. I wonder if it will even happen again?

4 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

They stopped on their own after a while - and mbam says it's up to date now, so it should be covered. I just came here out of curiosity as to what was up.

Just now, jayman1000 said:

Malwarebytes was current for updates all the time.

Newer database a bit later fixed the issue.

 

1 minute ago, jayman1000 said:

I wonder if it will even happen again?

Even if it does, it gets fixed fast.


This was an unfortunate false positive.  It was caught & corrected quickly, via Updates.

20 hours ago, Maurice Naggar said:

This was an unfortunate false positive.  It was caught & corrected quickly, via Updates.

That's great to hear, thanks for getting back about it!


On 7/30/19 around 7:30pm, Malwarebytes blocked 3 different Outbound Connections to the same IP address using ports 61592, 61415, and 61256.  I used this tool to look up who owns the IP: https://mxtoolbox.com/arin.aspx  (Is that an accurate tool to use?).  It had Microsoft's HQ address and name listed in quite a few spots, and given other people's responses here and other places, I guess it is a false positive?  I have not had the same detections since then.

2 hours ago, Brandon_2019 said:

I guess it is a false positive?  I have not had the same detections since then.

It was and was fixed the same day.
