illusionist

Microsoft IP fps - FIXED


Shadowwar, considering your words, I suppose that this is not a real threat. Perhaps it is a signal that Malwarebytes works perfectly and really protects our systems, allowing us to manage the operating systems as we want, and not (Microsoft) as they want. Thanks for your answer. I can now take some rest. Best regards from Lisbon, Portugal.


Microsoft's IPs & domains got blacklisted. Probably not a coincidence that it's their Azure platform with shared hosting. Some user probably got an infection and as a result a whole class C IP address block got blacklisted.


Microsoft's IPs & domains got blacklisted. Probably not a coincidence that it's their Azure platform with shared hosting. Some user probably got an infection and as a result a whole class C IP address block got blacklisted. It's not just Malwarebytes reporting false positives... someone really screwed the pooch on this one lol.


Hello, Tin_Man_0, so Microsoft Updates and the many changes they want to make to our equipment and OS are a kind of invasion of our computers. And all of us, users of Microsoft products like Windows 7, 8 or 10, as I am, should also block their updates.

Just now, JorgeCipriano1971 said:

Hello, Tin_Man_0, so Microsoft Updates and the many changes they want to make to our equipment and OS are a kind of invasion of our computers. And all of us, users of Microsoft products like Windows 7, 8 or 10, as I am, should also block their updates.

You're right. Your choices are to stop using Microsoft or accept that they will invade on a regular basis. It says so right in the service agreement that no one bothers to read lol. Linux is better anyway.


Well, I have used Microsoft for more than 20 years. It's hard for me to change to Linux. I've tried, but I didn't get it. My skills are not really in Information Technologies. However, I've talked before with some other users, and they even made a downgrade to Windows 7 and without upgrades. And they keep working without this Microsoft bullshit. Even with Windows 10, and I've already talked with an expert, he said that updates to it are useless, don't add anything and are not essential for the normal use of our equipment. Thanks a lot for your answer, Tin_Man. I can definitely rest now.


I can confirm that the False Positive issue with some Microsoft logins has been fixed using the latest update packages.
Versions as below are working flawlessly.
Malwarebytes 4:  4.0.4.49
Update:  1.0.19002
Component:  1.0.823.

Thank You Malwarebytes!!!


Well, my friends, since I raised this question, and without having done anything else, for now this server and its IPs have stopped. Here in Portugal it is 22h29, and the last warning was at 19h41 (here). So this confirms what some answers here have posted. Thank you very much.


To calm my rampant anxiety on this issue can someone please just confirm to me that the following notification I received is also part of this false positive problem?

I only received it once but that was right before I had to run out to a meeting and this was all I could think about. Here's the log file. I have since updated to the latest Update Package and Component Package versions and haven't received any notifications since. This is also one of the false positives related to this thread, right?

@Zynthesist @Dashke @shadowwar @AdvancedSetup

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
License: Premium

-System Information-
OS: Windows 10 (Build 18362.628)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: fe-bl02p-msa.trafficmanager.net
IP Address: 40.90.137.124
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

Thanks!

 

1 minute ago, Steve1982 said:

This is also one of the false positives related to this thread right?

Yes it is. Are you up to this version?

 


Yes, Steve. I suppose it's the same thing, but with a different domain.

5 minutes ago, Porthos said:

Yes it is. Are you up to this version?

Thanks, I am ... 1.0.19004.

So you're 100% sure this is a FP? How do you know for sure ... is it based on the domain, the IP, etc.? Did MBAM post a list somewhere? Just curious. Believe it or not, this is actually the first real-time web detection I have ever received because I'm excruciatingly careful about my browsing habits so needless to say, I almost had a heart attack when that alert popped up ! 😬

4 minutes ago, Steve1982 said:

Thanks, I am ... 1.0.19004.

So you're 100% sure this is a FP? How do you know for sure ... is it based on the domain, the IP, etc.? Did MBAM post a list somewhere? Just curious. Believe it or not, this is actually the first real-time web detection I have ever received because I'm excruciatingly careful about my browsing habits so needless to say, I almost had a heart attack when that alert popped up ! 😬

Quote

Domain: fe-bl02p-msa.trafficmanager.net

Everything from that domain and the assorted IP's was a false positive.

Edited by Porthos

1 minute ago, Porthos said:

Everything from that domain was a false positive.

Okay thanks, my anxiety levels are almost back to normal 🙂

Just now, Steve1982 said:

Okay thanks, my anxiety levels are almost back to normal 🙂

Relax, stuff happens from time to time. It does get fixed pretty fast though.

Those FPs were official Microsoft servers that control many services including OneDrive for example and quite a few others.

6 hours ago, Porthos said:

Relax, stuff happens from time to time. It does get fixed pretty fast though.

Those FPs were official Microsoft servers that control many services including OneDrive for example and quite a few others.

So, riddle me this. This "fix" Malwarebytes pushes out corrects the "false positives" by doing what? As far as I can tell they only have a couple of choices. Either A. put those critical Microsoft servers on the ignore list or B. remove the blacklist entries that are related to the servers. Both options are fine and dandy for the notifications, but what if the unthinkable happened and Microsoft's servers really are infected? Wouldn't this fix simply silently allow the virus to spread instead? I'm curious as to how this could be fixed without Microsoft assuring it's not a virus that triggered the whole thing to begin with?

1 minute ago, Tin_Man_0 said:

So, riddle me this. This "fix" Malwarebytes pushes out corrects the "false positives" by doing what? As far as I can tell they only have a couple of choices. Either A. put those critical Microsoft servers on the ignore list or B. remove the blacklist entries that are related to the servers. Both options are fine and dandy for the notifications, but what if the unthinkable happened and Microsoft's servers really are infected? Wouldn't this fix simply silently allow the virus to spread instead? I'm curious as to how this could be fixed without Microsoft assuring it's not a virus that triggered the whole thing to begin with?

This was a Malwarebytes mistake and had nothing to do with anything wrong with Microsoft and their servers or IP's.

That is why it was a false positive. Simple as that.

Once the Malwarebytes updated database was applied all was back to normal.
