Part 2: False positives of type OutboundConnection from Jami


This is a continuation of a previous topic, which is marked as answered. I cannot respond in that topic.

Despite the wording of the warning from Malwarebytes, it seems to me that this is not just a question of allowing a particular website (so I am not starting this topic in the website category). For the past week or so I have been getting warnings giving another IP address (see attachment). Perhaps a few weeks from now it will be something else? Again, is the warning a false positive because of Jami's distributed nature?

Jami-Malwarebytes flags IP address 4.PNG

  • 3 months later...

Just had an alert from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/5/20
Protection Event Time: 3:12 AM
Log File: 1e58a7fa-ef47-11ea-9e89-b88584b5e80a.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1025
Update Package Version: 1.0.29469
License: Premium

-System Information-
OS: Windows 10 (Build 19041.450)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Savoir-Faire Linux\Jami\Jami.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 61.52.36.83
Port: 4486
Type: Outbound
File: C:\Program Files\Savoir-Faire Linux\Jami\Jami.exe

 

(end)

25 minutes ago, ArbyMcPatriot said:

Why would Jami try to connect to China? All my contacts are in the USA.

Jami (formerly GNU Ring, SFLphone) is a SIP-compatible distributed peer-to-peer softphone and SIP-based instant messenger for Linux, Microsoft Windows, OS X, iOS, and Android.

As for why Malwarebytes blocks peer-to-peer (P2P) applications: being P2P means the application connects to many different servers/IP addresses, so P2P-based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites; P2P-based software may be perfectly safe, but some of the sites hosted on some of the IP addresses that P2P-based software connects to may be malicious. Such connections are not a threat, however, and you may exclude P2P-based software from the Web Protection component in Malwarebytes to stop the blocks from happening.

It is possible this IP is now just a false positive and will be removed. Staff will research it.
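To check whether blocks like the one logged above all come from a single P2P executable reaching many different peers, exported reports can be parsed and grouped by process. This is an added example, not part of the original posts or of Malwarebytes' own tooling; it assumes reports saved as text in the layout shown in the thread, and the second sample report's IP address and port are constructed values.

```python
import re
from collections import defaultdict

# Constructed sample reports in the layout of the log posted above.
# REPORT_B's IP (a documentation-range address) and port are made up.
REPORT_A = """\
-Log Details-
Protection Event Date: 9/5/20
Protection Event Time: 3:12 AM

-Website Data-
Category: Trojan
Domain:
IP Address: 61.52.36.83
Port: 4486
Type: Outbound
File: C:\\Program Files\\Savoir-Faire Linux\\Jami\\Jami.exe
"""
REPORT_B = REPORT_A.replace("61.52.36.83", "203.0.113.7").replace("4486", "51820")

SECTION = re.compile(r"^-(.+)-$")  # section headers look like "-Website Data-"

def parse_report(text):
    """Return {section: {key: value}} for one exported report."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only: "C:\..." and "3:12 AM" contain colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def blocks_by_process(reports):
    """Group outbound blocks: executable -> sorted distinct (ip, port) pairs."""
    seen = defaultdict(set)
    for text in reports:
        data = parse_report(text).get("Website Data", {})
        if data.get("Type") == "Outbound" and data.get("IP Address"):
            seen[data.get("File", "?")].add((data["IP Address"], int(data["Port"])))
    return {exe: sorted(peers) for exe, peers in seen.items()}

if __name__ == "__main__":
    for exe, peers in blocks_by_process([REPORT_A, REPORT_B]).items():
        print(exe, "-", len(peers), "distinct blocked peers:", peers)
```

A single executable accumulating many distinct blocked IP/port pairs is the pattern the reply above attributes to P2P software, which is the information needed when deciding whether to exclude that executable from Web Protection.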
