Beta 4.0.2

[EdK]

1. Provide website name visited that resulted in MB trojan block so no longer go there.

 

[nikhils]

Hello @EdK

Can you please explain what the issue you are seeing. I did not understand the issue.

[EdK]

MB does scans of the system and website blocks during use. Outputs from these scans provide findings...recently I was notified of attempted trojan attack. However there is insufficient info provided by MB about which website attempted trojan placement so I can avoid returning to that website. 

[exile360]

It's possible that the content being blocked was from an embedded ad or other third party content being linked to on a website you were visiting.  Unfortunately I don't know of a way to determine which site it was after the fact unless you can somehow correlate the timing of the block event in your protection log to the site you were visiting at the time in your web browser (assuming the block originated from your browser).  Usually these types of blocks aren't anything to be concerned about since Malwarebytes blocked the content, and Malwarebytes blocks some ad networks and hosting providers deliberately in their entirety because they are known to be malware friendly (in other words they fail to respond to/deal with abuse reports and reports of malicious contents on their networks) so blocks of this nature can be quite common and difficult to avoid, especially on sites that host a lot of ads, and particularly ads of a less reputable nature which tend to be hosted on ad networks that tend to be less picky about who their clients are and what they are doing with the ad space provided to them.

[EdK]

Thx.  But I dont expect you to go back to past events.  What I am suggesting is that when MB finds and addresses an issue, such as this case of scan reported blocks of trojans, to include in that scan report what site was blocked...when the trojan is stopped should be able to report what site or IP address.  Thank you and I am enjoying the product.

[exile360]

It does create a report for all block events (it isn't a scan by the way; Malwarebytes uses a block list of malicious sites and servers that hooks directly into the network stack using the same WFP APIs that are used by the built in Windows Firewall which allows it to block malicious connections to and from your system for all applications and the system itself rather than being restricted to your web browser which makes it quite powerful).  You should be able to find an entry in your Reports tab showing that it was a web block and listing the date and time of the block event, and if you open it, it should reveal the URL/domain and/or IP address (depending on the type of connection) along with the application/executable that attempted to make the connection (such as your web browser if that was the application being used that incurred the block).

[EdK]

MB does scans of the system and website blocks during use. Outputs from these scans provide findings...recently I was notified of attempted trojan attack. However there is insufficient info provided by MB about which website attempted trojan placement so I can avoid returning to that website. 

[EdK]

So the solution for MB customers is to pursue an IP address instead of providing the website name?  Doesnt seem user friendly.  You are welcome to call me to further discuss or I can call you if you provide contact info.

[exile360]

No, again, it isn't scanning, but that's not really the point.  Whether or not it shows the website/URL depends on the type of connection.  The source of a connection always has an IP address which is the physical address of the server on the internet, however not every IP connection has a URL/website so it might just show an IP address.  Again, it will be in your protection logs where it shows the detection.  If you can open the log and export it here using the Export>Copy to Clipboard function and paste it into your reply or export it as a .txt file and attach it to your next reply we can take a look and tell you more about the block event.