settings-win.data.microsoft.com and bat.bing.com blocked due to malware?

[jayman1000]

Got these two "blocked due to malware" in Malwarebytes right after each other. Upon inspecting the log in Malwarebytes it said outbound connection, an ip adresse and firefox.exe browser (I am using firefox to browse the internet).

Is there any way to get more info about what caused this? Could it simply be from a site I was visiting? Maybe some content on website may have linked to those pages, like ad or something?

 

[Maurice Naggar]

Hi.

On the one citing Microsoft, First of all, be sure you do a Update run in Malwarebytes for the latest updates.

[Chaos5061]

Would also like to report something like this. I don't get bat.bing.com but I do get a lot of settings-win.data.microsoft.com. I myself am using Chrome as my browser. It's always same settings-win.data.microsoft.com as well as the ip address but the port is constantly changing. All as Website Blocked but it it's a specific site I don't know which one when I first noticed I turned off that website that I was on at the time but it happened again and I turned off my browser but it still happened another 3 times with that settings-win.data.microsoft.com. I will sya I started getting them about a hour after I scanned mys system and my system starts a scan at 6:00pm Central in Texas. First one was at 6:58 pm the next was at 7:13 pm next at 7:28 pm then last at 7:43 pm. If you need anything else for information let me know and I'll see if I can find it.

[Chaos5061]

Hello just saw your post after I posed mine. I have the newest updates according to Malwarebytes. I'm pretty sure it did a update before it did my schedule scan at 6:00 pm Centeral in Texas. Just to double check I did a click to see if it would update again and says it's current.

[Maurice Naggar]

As long as program is Current, the False positive block notice should go away.

[Xoanon]

Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com  and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, i know, telemetery - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.

[Porthos]

2 minutes ago, Xoanon said:

Getting the same thing on a Win 10 laptop - settings-win.data.microsoft.com  and another one, watson.telemetry.microsoft.com. Gotta assume these are false positives?

Yeah, i know, telemetery - it's a brand new laptop and I haven't turned off all the Win 10 snooping yet.

Please run an update and if you still see the blocks then restart the program. 

[CaraBethP]

Although a long time user, I know very little abt security software. I've never had to try to fix anything and for that I am thankful. My Malwarebytes is completely updated.

This morning I installed Dashlane Premium, a password manager. As I have worked with setting this up, I also tested out the included VPN.

Scan reports have shown no threat at all until this evening when I had a website blocked: logs.dashlane.com. Nothing was quarantined. I read in a help file that this problem is when Malwarebytes does an update? Do I need to exclude that link?

That wasn't the only message that popped on the screen. Several messages from Malwarebytes popped up, although I cannot find them anywhere in Malwarebytes now.  I happened to click one and this is what it said:

-Website Data-

Category: Malware

Domain: watson.telemetry.microsoft.com

IP Address: 20.44.86.43

Port: [50224]

Type: Outbound

File: C:\Windows\System32\WerFault.exe

Thank you to anyone of you who might advise me.

 

[jayman1000]

2 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

I only got those two in a row and haven't had any since I posted the thread. Malwarebytes was current for updates all the time. I wonder if it will even happen again?

[Maurice Naggar]

See Staff replies about Updating
https://forums.malwarebytes.com/topic/250074-malwarebytes-reports-malware-from-chrome/

 

[Xoanon]

4 minutes ago, Porthos said:

Please run an update and if you still see the blocks then restart the program. 

They stopped on their own after awhile - and mbam says it's up to date now, so it should be covered. I just came here out of curiosity as to what was up.

[Porthos]

Just now, jayman1000 said:

Malwarebytes was current for updates all the time.

Newer database a bit later fixed the issue.

 

1 minute ago, jayman1000 said:

I wonder if it will even happen again?

Even if it does, It gets fixed fast.

[Maurice Naggar]

This was an unfortunate false positive.  It was caught & corrected quickly, via Updates.

[jayman1000]

20 hours ago, Maurice Naggar said:

This was an unfortunate false positive.  It was caught & corrected quickly, via Updates.

That's great to hear, thanks for getting back about it!

[Maurice Naggar]

OK.

[Brandon_2019]

On 7/30/19 around 7:30pm, Malwarebytes blocked 3 different Outbound Connections to the same IP address using ports 61592, 61415, and 61256.  I used this tool to look up the who owns the IP: https://mxtoolbox.com/arin.aspx  (Is that an accurate tool to use?).  It had Microsoft's HQ address and name listed in quite a few spots, and given other people's responses here and other places, I guess it is a false positive?  I have not had the same detections since then.

[Porthos]

2 hours ago, Brandon_2019 said:

I guess it is a false positive?  I have not had the same detections since then.

It was and was fixed the same day.