Jump to content

Web Protection+DNSCrypt=NO INTERNET

Recommended Posts

Something must have changed in the Web Protection component because for the first time ever, when Web Protection is active I cannot access the internet if DNSCrypt is enabled (I have my DNS server address set to as I always have for DNSCrypt).  This just cropped up with the latest beta, 4.0.1; I had no issues with 4.0.0 or any previous version of Malwarebytes.

To test, install SImple DNSCrypt and enable it for your network adapter(s) and verify for your IPv4 properties for your network connections that the Use the following DNS server address: option is set to NOTE: Do NOT try this without DNSCrypt installed/active or you won't have internet access, because normally is the loopback address, however because of the way that Simple DNSCrypt installs its service as a local DNS server, it uses this address to capture all DNS requests accordingly.

You can find the latest build of Simple DNSCrypt here for QA testing and verification of this issue.

I'm running Windows 7 x64 SP1 fully patched, though I doubt it matters as it appears to simply be an issue with the use of the loopback address as your DNS server address because if I either disable the address as my DNS server address or disable Web Protection in Malwarebytes, my internet starts working immediately.  As soon as I have both enabled there is no internet access.

Link to post
Share on other sites
  • 1 month later...

Hey guys, just FYI, I've tested with the latest betas and unfortunately this is still occurring so I've rolled back to the MB3 RTM build for the time being until this gets sorted because I gotta have my Web Protection ;) 

Link to post
Share on other sites


With the latest beta version and DNSCrypt, we haven't experienced any connectivity issues with Web Protection enabled on Windows 7 or Windows 10.

Are you able to provide some additional data on the issue? Enabling enhanced event log data in the latest beta version, reproducing the issue and then gathering logs with the Malwarebytes Support Tool would be useful.

Could you also try the following:
1. Disable DNSCrypt completely (detach the network card by unchecking it and remove service using the option above)
2. Set your DNS setting in Windows to "Obtain automatically".
3. Enable DNSCrypt and attach to the network card by checking it.
4. Enable Web Protection in Malwarebytes version 4.

Edited by LiquidTension
Link to post
Share on other sites

To be clear, I am using a specific application for implementing DNSCrypt called Simple DNSCrypt which, when enabled for a network connection, configures the DNS setting to Use the following DNS server address: and sets it to as shown below (it does this for any connection that you enable DNSCrypt for in Simple DNSCrypt):


I'll return once I've restarted my system to let you know how it went.

Link to post
Share on other sites


Can i ask you to verify few settings on your system and perform these steps?

1. IPv6 is enabled on your primary network adapter (Control Panel - Networking). All settings are to default, DNS as well

2. "DNSCrypt - Advanced Settings - Listed Addresses" should contain IPv4 and IPv6 addresses ("" and "[::1]:53") and if not - click the button below to restore the defaults

After all of this can you try to restart your system and/or restart DNSCrypt and reattach it to your primary network adapter?

Thank you! 


Link to post
Share on other sites

Nope, IPv6 is completely disabled on both my system and modem/router.  The only change I'm making when enabling DNSCrypt is that it modifies my default DNS address to  In Simple DNSCrypt it shows my 'Listen Addresses' as for IPv4 and [::1]:53 for IPv6 (though I also have its 'Block IPv6' setting enabled).  Web Protection doesn't require IPv6 connectivity, does it?  Or is that something that's changed in MB4?  If so, that might explain the issue, though it is odd that I have IPv6 disabled in Windows itself and my modem/router yet Web Protection still works as long as DNSCrypt is disabled.

Would you like me to try disabling the 'Block IPv6' option in Simple DNSCrypt to see if that makes any difference?

Link to post
Share on other sites

 Web Protection doesn't require IPv6 connectivity, does it

You're right, IPv6 is not the requirement.


I can give an advice to do the following steps:

1. Disable DNSCrypt

2. Enable IPv6 on your adapter on Windows (only in OS, not in router), set all options to "Automatically"

3. Disable option "Block IPv6" in DNSCrypt - i presume that no need to block IPv6 while you do not have such type of traffic.

4. Set DNS on IPv4 and IPv6 to "Automatically" on your primary network adapter

5. Restart OS


Thank you!

Link to post
Share on other sites

If I do all of those steps the internet will work, but only because DNSCrypt is disabled.  I can perform any series of steps, and I've tried many, however if Web Protection is enabled and DNSCrypt is enabled, there is no internet connectivity.  If I disable either one, the internet works fine (even without a system restart; I just have to wait long enough for the cache to clear itself/the browser to retry the connection).

Something changed in the implementation of Web Protection between MB3 and MB4 and for whatever reason, it doesn't like my setup.  I'm going to try disabling my HOSTS file next to see if that has any impact on the issue.  It may since there is some IPv6 stuff in there (along with tons of IPv4 blocks, of course).

Link to post
Share on other sites

Well, disabling the HOSTS file didn't help unfortunately, but I did think of one more thing.  I don't see why it would impact anything, but it might if somehow the implementation of the driver has changed in some way.  I have my network connection configured as a 'public connection' (the most secure connection type) rather than a home or work connection.  I did it this way because it's the most secure, though I wouldn't think that would mess with Web Protection, but maybe it is a factor somehow.

Link to post
Share on other sites

I tried a few more things.

Excluding from Web Protection=No effect

Excluding Simple DNSCrypt's primary executable and service from Web Protection=No effect

Configuring Windows 10 Firewall Control to 'EnableAll' mode (the same as no firewall at all)=No effect

So far the only thing that works is either disabling DNSCrypt, or disabling Web Protection, but I'll keep experimenting with it.  I hope that you guys are able to replicate it.  I can provide further details on my system configuration if required in order to help QA to replicate the issue, just let me know.

I just thought of something else.  Because I'm using a large HOSTS file, I have the DNS Client service disabled.  Perhaps that is the missing factor here.  I will try disabling my HOSTS file (to avoid the constant 100% CPU usage from having a large HOSTS file with the DNS Client service enabled), then try enabling both Simple DNSCrypt and Web Protection to see if that resolves the issue.  I know that Binisoft Windows Firewall Control (recently acquired by Malwarebytes) requires the DNS Client service to be active in order to display its notifications, so perhaps Web Protection in MB4 is somehow getting borked when DNSCrypt is active with that service disabled.  I'll post back and let you know how it goes.

Link to post
Share on other sites
  • 2 weeks later...
  • 2 weeks later...

I have news!  So far Simple DNSCrypt and the latest version of Malwarebytes, build 4.0.4, appear to be working together with Web Protection enabled!

That said, I did notice that Malwarebytes blocked one of the resolvers in use currently:

This is a public server being used for DNSCrypt as reflected here as well as here so I went ahead and added an exclusion for it since it is one of the resolvers currently in use on my system (I use *many* for the purposes of additional obfuscation of my web traffic).

Here's the detection log in case it is required:

	-Log Details-
Protection Event Date: 11/4/19
Protection Event Time: 9:30 AM
Log File: fffe5ef0-ff17-11e9-aff4-000000000000.json
	-Software Information-
Components Version: 1.0.717
Update Package Version: 1.0.14556
License: Premium
	-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
	-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\bitbeans\Simple DNSCrypt x64\dnscrypt-proxy\dnscrypt-proxy.exe, Blocked, -1, -1, 0.0.0
	-Website Data-
Category: Trojan
IP Address:
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\bitbeans\Simple DNSCrypt x64\dnscrypt-proxy\dnscrypt-proxy.exe

I can report it to the Website Blocking FP forum if necessary, though it is possible that this IP is also host to malicious content which could be the reason for the block.

Anyway, I'm just glad to finally have Web Protection back.  I did have MBG the entire time obviously (along with all of my other blacklists/filters, my massive HOSTS file, my long list of blocked telemetry servers blocked via the Windows Firewall etc.), but it's nice to have Web Protection on duty as well in order to guard the rest of the system outside my browser.

Edited by exile360
Link to post
Share on other sites

By the way, I went ahead and did a lookup on hpHosts and it shows green for the IP in question (though obviously that database is not definitive/in full parity with the Web Protection databases in Malwarebytes):



Edited by exile360
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.