Protocol 255

[dprout69]

So I just updated from 3 to 4 (specifics below) on two computers and all of a sudden both computers are attempting a new connection with a seemingly strange protocol (reserved)... whats up with this?

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

1. Download Malwarebytes Support Tool
2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
3. Double-click mb-support-X.X.X.XXXX.exe to run the program
   • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
4. Place a checkmark next to Accept License Agreement and click Next
5. You will be presented with a page stating, "Get Started!"
6. Click the Advanced tab on the left column
   
   
    
7. Click the Gather Logs button
   
   
    
8. A progress bar will appear and the program will proceed with getting logs from your computer
   
   
    
9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK
   
   
    
10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
    
       

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/hc/en-us/articles/360038523934

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

[exile360]

Greetings,

We may have to wait for a staff member to respond with a definite answer, however if it occurred shortly following the update or during the startup of Malwarebytes it could have been the new version of the Web Protection driver loading into your network connection for malicious website blocking.  It uses WFP similar to the Windows Firewall and it may be that it is making that type of connection to interact with your network connection on your system.  Again, this is just speculation on my part so we'll have to wait for a definitive response from a member of the staff to know for sure what it's purpose is.

[exile360]

By the way, while I'm not sure this helps, you should also refer to this Malwarebytes support article; it does list at least the existing/known connections for Malwarebytes, however obviously if this connection is new it will not be listed.

[dprout69]

Not certain that an update didnt occur at the moment it starting going off, but it happens multiple times in less than an hour (MB is set to update once an hour).  So that would seem to indicate that its not happening during an update (unless it didnt update for some reason and made multiple attempts... maybe the server was down IDK) and definitely not when MB is starting up.

 

[dprout69]

BTW, Im not 100% sure as of yet because it's only day two, however, I note there are a number of threads on here with people having problems with MB ver 4 and Firefox.  Well I just noted that no sooner did I open Firefox on my second computer that I got the blocked connection message.  I also note that the blocked message popped up on the computer Im on only while Firefox is open.  

So, in summary this just started on two computers just as soon as I upgraded from 3 to 4.

It happens multiple times an hour.

 From what I can tell right now it only happens when Firefox is open (not 100% confirmed).

[dprout69]

Its confirmed... I closed Firefox, walked away from my computers for about an hour, came back and checked my firewall logs and it didnt happen the entire time.  Opened up Firefox on both computers and within moments the connection blocked popup occurred on both.

There are multiple threads about MB4 and FIrefox issues and this appears to be yet another.  Bottom line Protocol 255 is very odd and I wont be opening up that in my firewall unless someone can explain whats happening 

[AdvancedSetup]

It is more than likely due to one of your extensions within Firefox 

You can disable all of your extensions and then enable them one by one to see which one might be causing it or simply reset Firefox back to default which will almost certainly correct the issue. 

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

 

If that does not correct it then we'd need to get logs to check on it further.

 

[dprout69]

As stated, this started on two different computers IMMEDIATELY after upgrading from 3 to 4.  I have no extensions added in Firefox other than what comes as is with the browser.  The whole diagnostics things is a crap shoot.  You have multiple threads on here about problems with MB and Firefox  Is no one at MB able to tell why their program is attempting to make an outbound connection with an obscure protocol??? Seems a bit fishy to me

[AdvancedSetup]

Okay, then please follow the directions from the following KB article and we'll review your logs

https://support.malwarebytes.com/hc/en-us/articles/360039023453

 

[dprout69]

Im not a beta tester.  I learned a long time ago that when MB puts out a new version that you need to wait a couple of months and I did.  You people simply dont do enough testing.  I reverted back to a system image that was created about an hour before I "upgraded" to 4.  There is no longer an issue.  The final straw for me was when the first scheduled scans ran on my computers, since the "upgrade", and one had an unhandled exception and the other had my user interface all jacked up as shown in the screenshot below.

As I said I waited a couple of months since 4 was released and evidently I need to wait a couple of more.

You know MB could really save everyone a lot of headaches by testing more and also by not asking for logs every single time someone has a problem.  You could do a bit more on your side to troubleshoot.  My issue was very basic and Im certain you have testing computers at your facility where Firefox is already installed.  All you had to do on your side was block protocol 255 outbound and you can see the issue yourself and look at all the logs you desire.  The alternative to that is to ask whoever designed it the simple question of why 255  is being used.  People dont have time to keep jumping through hoops.  I've said my peace.  This topic can be closed or someone can be proactive and figure out how this software works and provide an explanation or a fix.

 

[Porthos]

12 minutes ago, dprout69 said:

the other had my user interface all jacked up as shown in the screenshot below.

This is likely caused by the hardware acceleration changes was made to the Malwarebytes version 4 UI.

You can now change the settings in the current version of MB 4

[Porthos]

21 minutes ago, dprout69 said:

You know MB could really save everyone a lot of headaches by testing more and also by not asking for logs every single time someone has a problem. 

I was a beta tester for quite a long time before MB 4 was released for public beta testing. It does get tested and I am a Firefox user since the Win 98 days.

Everyone has different hardware and software combinations on their systems. Logs are for us to see what you have and assist you getting things working correctly for YOU.

Both staff and volunteers like my self are just trying to help with your issues. I have about 400 different users using MB that I manage and am not having issues with any of them.

Edited February 1, 2020 by Porthos

[AdvancedSetup]

Well, without logs there isn't much we can do to assist you. I will go ahead then and close your topic if you like and you can wait it out for a newer release version.

Thank you