Jump to content

Microsoft IP fps - FIXED


Recommended Posts

It keeps saying "website blocked due to phishing" even when I don't even have a browser window open.

 

Are these false positives or real issues? I did a scan and it said it found nothing. But Malwarebytes keeps warning me about phishing. I looked at the history of alerts, and these two things keep coming up again and again:

1.)

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: lgin.msa.trafficmanager.net
IP Address: 40.90.137.124
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

=======================================================

2.)

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\my_name\AppData\Local\Microsoft\OneDrive\OneDrive.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
Port: 443
Type: Outbound
File: C:\Users\my_name\AppData\Local\Microsoft\OneDrive\OneDrive.exe

 

And here are the results of the last Malwarebytes scan:

 

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: my_name

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 697936
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 19 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

Link to post
Share on other sites
  • Replies 94
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Hello, is this topic "live" as I am getting this phishing blocked outbound this morning : the following website appears malicious- ipv4.login.msa.akadns6.net and has been blocked by Malwarebytes and this is just a false pos happening? Thank you. (I always look up these things that are detected to learn more about it)

Link to post
Share on other sites
13 minutes ago, welbot said:

Thanks for the quick  response. I just had the svchost one show up on me twice and got a bit worried until I found this :)

Had to add login.live.com for my Microsoft Bing Dashboard to my 'allow list' when I never had a problem with it before. Fixed yet?


Link to post
Share on other sites
5 minutes ago, ThomasDillingham said:

 

Let me try this again, since I was clearly ignored by people who have been on this forum and the staff. This worked for me. I confirmed it by uninstalling the update, which caused the problem to re-occur. After again installing it the pop-ups stopped. Install the update related to Microsoft KB4532695 and the issue will stop. Don't take my word for. Try it and watch the magic happen.

Dont have the option to remove it.

updates.JPG

Link to post
Share on other sites

I've been running W10 v1909 for many weeks now. This problem just started this morning. The ONLY thing that changed on my system is a security intelligence update:

image.png.e1d9280bb77917c84afd73833bcbe37c.png

That certainly seems suspicious.

Link to post
Share on other sites

You can add login.live.com to your exclusions, also the following IPs:

40.90.137.126
40.90.137.124
40.90.137.120
login.msa.akadns6.net
akadns6.net

We are working to resolve this for MB4. Sorry for the inconvenience. 

Edited by Zynthesist
add data
Link to post
Share on other sites
17 minutes ago, shadowwar said:

There is still an issue with mb4 only and we are investigating.

 

I can confirm this is still an issue as of now() on Windows 10 Pro (64bit) running ALL latest Windows 1909 updates and patches including KB4532695.
MBAM is 4.0.4.49
Update is 1.0.18998
Component is 1.0.810

Thank you for the amazing product. It has saved my ass a number of times.
I am happy to put up with a couple of false positives every now and then to get powerful real time protection.

Right now I am using Office 365 Online because I don't want to add exclusions and Outlook (desktop) cannot login with lgin.mas.trafficmanager.net being blocked... LOL!

Keep up the good work!!!

mbam.txt

Link to post
Share on other sites

My dears friends and experts.

 

I've been recieved messages, considering this domain and respective IP's as a threat.

 

What kind of agent and threat is this ? should I be worried about that ?

 

Thanks for your help.

Best regards,

 

Jorge

threat 1.png

Link to post
Share on other sites

Shadowwar, I didn't understood your answer, and if that responde to my or other member from this forum. The only thing I need to know is that If I should be worried or not about that. It has started suddenly.

Link to post
Share on other sites

Please open Malwarebytes and check for updates. The following versions should show for the latest updates

MBAM2 Version: v2020.02.10.10
MBAM3 Version: 1.0.14739
MBAM4 Version: 1.0.19000

Please check for updates and this block should no longer occur

 

Link to post
Share on other sites
1 minute ago, JorgeCipriano1971 said:

Shadowwar, I didn't understood your answer, and if that responde to my or other member from this forum. The only thing I need to know is that If I should be worried or not about that. It has started suddenly.

IT was a false detection and nothing to be worried about. Its fixed in the latest released databases.

 

Link to post
Share on other sites
1 minute ago, NeuFang said:

Just want to add to the topic, I've been getting the svchost.exe flags for the past 5-6 months near daily. More recently, several times today. That is why I decided to check up on the forums to make sure the past 6 months hasn't just been a fluke. Seems that people are just noticing these today, but for me it has been several months of the same svchost.exe flags.

This is a separate issue. Please open a separate thread with logs and details. This only affected users today.

Link to post
Share on other sites

Joe_McLeod, that's the question.

 

I'm not interested about Microsoft Updates, all the time and tohave the power to can select them. Everybody knows, how are and what happens with some of those Updates.

 

My Malwarebytes is actualized !!!

 

Check this out, please: 

threat 2.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.