Jump to content
alhazred

Kaspersky Internet Security and MBAM Web protection problem... part two

Recommended Posts

Hi chaps,

I hate to be that "bloody annoying guy who's always going on about Kaspersky interfering with MBAM's web protection component" again after my previous 2018 thread, but the problem seems to have recurred.

I'm currently using the latest Kaspersky version but the problem was also occurring in the version previous to that.  Malwarebytes all up to date after using the update application button.

Anyhow,  I was browsing the web when I got hit by the deloplen ad-rotator, which I thought was strange as Malwarebytes blocks that.  So I visited Malwarebytes Threat Center and visited a few of the domains listed that Malwarebytes blocks and I was able to visit all of them and they weren't blocked.  In some cases I received a notification that it was blocked but the page was still visible.  Strangely enough though even though the domains weren't blocked all the blacklisted IP addresses were successfully blocked.

So I uninstalled Kaspersky completely and again visited the blacklisted domains mentioned in the Threat Center and it successfully blocked them, so there is definitely some sort of incompatibility going on between the two products.

Before anyone asks, yes, I added all Malwarebytes entries to the exclusion list and also added it to the trusted zone.  I also disabled Advanced disinfection but still no change.

I just thought I'd post this to bring it to Malwarebytes attention, assuming they don't already know.

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Kaspersky is known to do some pretty strange/intense things with a system's network devices and connections and if one of those components is making it behave like a proxy resulting in the incorrect address/URL/domain being reported to the WFP filtering (the built in/native Windows APIs used for the Windows Firewall as well as the Web Protection component in Malwarebytes Premium) then that could easily cause failures in blocking any blacklisted address based on its domain name (rather than IP).  I don't know if it is even possible to resolve it if my suspicion is correct, but if you disable any web filtering/traffic analysis components in Kaspersky and reboot and then Web Protection starts working normally then that would pretty much verify that this is indeed the cause of the issue.  I'm not certain if the Developers can work around that or not, but my intuition based on my limited knowledge of the situation is that they probably cannot because it's basically the same as trying to block remote domains when all traffic is being routed through a VPN; it can't work because as far as any software on the system is concerned (such as the Web Protection component in Malwarebytes), the only remote server being connected to is the one belonging to the VPN provider, which in turn connects to the sites you are visiting in order to host their content to your system meaning the only web filtering that would work would have to be running on the VPN's servers.

Anyone with additional knowledge may feel free to correct me if I'm way off, but having dealt with similar issues in the past with VPNs and the like, this is my suspicion.

Share this post


Link to post
Share on other sites

Informative post exile360.  👍

I wonder if Kaspersky would also affect Malwarebytes Browser Guard from operating?   I only ask as I personally haven't used Malwarebytes Browser Guard as I'm an old fashioned Edge user and it isn't out for that browser.  Maybe when the new chromium based Edge comes out Malwarebytes might support it.

Share this post


Link to post
Share on other sites

I don't *think* it would since an extension within the browser should be able to identify domains/IPs correctly based on the browser's own address bar etc., which should be transparent to things like VPNs and proxies etc. so if you are willing to use a Chromium based browser or Firefox and you install Malwarebytes Browser Guard you should be in pretty good shape, at least as far as web browsing is concerned (which is the primary use for Web Protection anyway, though there are a few additional corner cases that make Web Protection quite useful still).  The new Chromium based Edge browser is one option, or you could go with something like SRWare Iron (which is what I use personally; the portable version of course), or Vivaldi among others.

It is possible that I am wrong of course, and Kaspersky might just be messing with Web Protection in some other way.  To know for certain, and to hopefully aid the Developers in finding a solution if it is possible, please open Malwarebytes and go to Settings>Application and enable the option for event log data, then restart your system, allow everything to start up, then try browsing to a site that should be blocked but isn't, then browse to one that should be blocked and is (one of the IP's you mentioned), then disable Web Protection, wait about 30 seconds, then enable it again and again wait about 30 seconds, then you can disable the event log data option in Malwarebytes (you don't want to leave it active as those logs can get pretty large pretty fast), then do the following:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thanks

Share this post


Link to post
Share on other sites
6 hours ago, exile360 said:

I don't *think* it would since an extension within the browser should be able to identify domains/IPs correctly based on the browser's own address bar etc., which should be transparent to things like VPNs and proxies etc. so if you are willing to use a Chromium based browser or Firefox and you install Malwarebytes Browser Guard you should be in pretty good shape, at least as far as web browsing is concerned (which is the primary use for Web Protection anyway, though there are a few additional corner cases that make Web Protection quite useful still).  The new Chromium based Edge browser is one option, or you could go with something like SRWare Iron (which is what I use personally; the portable version of course), or Vivaldi among others.

It is possible that I am wrong of course, and Kaspersky might just be messing with Web Protection in some other way.  To know for certain, and to hopefully aid the Developers in finding a solution if it is possible, please open Malwarebytes and go to Settings>Application and enable the option for event log data, then restart your system, allow everything to start up, then try browsing to a site that should be blocked but isn't, then browse to one that should be blocked and is (one of the IP's you mentioned), then disable Web Protection, wait about 30 seconds, then enable it again and again wait about 30 seconds, then you can disable the event log data option in Malwarebytes (you don't want to leave it active as those logs can get pretty large pretty fast), then do the following:

 

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

 

Thanks

Here you go Exile360,  hopefully the logs will help

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Hello  @alhazred

I hope you are doing well.

My first question is this:   Can you let me know just what domains / links you visited  …..the top of your topic mentioned

Quote

So I visited Malwarebytes Threat Center and visited a few of the domains listed that Malwarebytes blocks and I was able to visit all of them and they weren't blocked.

 

Share this post


Link to post
Share on other sites

I notice that EDGE is the default browser.   There were several Malwarebytes web protection blocks on the 17th of September;   all when EDGE was in use.

Here were the blocks reported that had details on sites

"openload.co"
"dolohen.com"
"onesearch.org"
"deloplen.com"
"rpgmasterleague.com"
 

Have any of those re-occurred since then, or in the past week to 10 days ?

Share this post


Link to post
Share on other sites

If anyone here is having difficulties when running Malwarebytes Premium along with Kaspersky 2020, then please see posting on this post

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.