
settings-win.data.microsoft.com and bat.bing.com blocked due to malware?



Got these two "blocked due to malware" in Malwarebytes right after each other. Upon inspecting the log in Malwarebytes it said outbound connection, an IP address and firefox.exe browser (I am using Firefox to browse the internet).

Is there any way to get more info about what caused this? Could it simply be from a site I was visiting? Maybe some content on the website may have linked to those pages, like an ad or something?

 


Would also like to report something like this. I don't get bat.bing.com but I do get a lot of settings-win.data.microsoft.com. I myself am using Chrome as my browser. It's always the same settings-win.data.microsoft.com as well as the IP address, but the port is constantly changing. All as Website Blocked, but if it's a specific site I don't know which one. When I first noticed, I turned off that website that I was on at the time, but it happened again, and I turned off my browser, but it still happened another 3 times with that settings-win.data.microsoft.com. I will say I started getting them about an hour after I scanned my system, and my system starts a scan at 6:00 pm Central in Texas. First one was at 6:58 pm, the next was at 7:13 pm, next at 7:28 pm, then last at 7:43 pm. If you need anything else for information let me know and I'll see if I can find it.


Hello, just saw your post after I posted mine. I have the newest updates according to Malwarebytes. I'm pretty sure it did an update before it did my scheduled scan at 6:00 pm Central in Texas. Just to double check I did a click to see if it would update again and it says it's current.


Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, I know, telemetry - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.


2 minutes ago, Xoanon said:

Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, I know, telemetry - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.

Please run an update and if you still see the blocks then restart the program. 


Although a long-time user, I know very little about security software. I've never had to try to fix anything and for that I am thankful. My Malwarebytes is completely updated.

This morning I installed Dashlane Premium, a password manager. As I have worked with setting this up, I also tested out the included VPN.

Scan reports have shown no threat at all until this evening when I had a website blocked: logs.dashlane.com. Nothing was quarantined. I read in a help file that this problem is when Malwarebytes does an update? Do I need to exclude that link?

That wasn't the only message that popped on the screen. Several messages from Malwarebytes popped up, although I cannot find them anywhere in Malwarebytes now. I happened to click one and this is what it said:

-Website Data-

Category: Malware

Domain: watson.telemetry.microsoft.com

IP Address: 20.44.86.43

Port: [50224]

Type: Outbound

File: C:\Windows\System32\WerFault.exe

Thank you to anyone of you who might advise me.

 


2 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

I only got those two in a row and haven't had any since I posted the thread. Malwarebytes was current for updates all the time. I wonder if it will even happen again?


4 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

They stopped on their own after a while - and mbam says it's up to date now, so it should be covered. I just came here out of curiosity as to what was up.


On 7/30/19 around 7:30pm, Malwarebytes blocked 3 different Outbound Connections to the same IP address using ports 61592, 61415, and 61256. I used this tool to look up who owns the IP: https://mxtoolbox.com/arin.aspx (Is that an accurate tool to use?). It had Microsoft's HQ address and name listed in quite a few spots, and given other people's responses here and other places, I guess it is a false positive? I have not had the same detections since then.
