Jump to content

MBAM blocks FlexNet Publisher access to 169.254.159.254


Recommended Posts

Dear Friend,

This is beyond my level but I thought that I might ask.

This morning, first thing, I updated Adobe Flashplayer (after receiving a note that it was ending in December and a suggestion that I uninstall the program).

Almost immediately, I have started to receive a message that Malwarebytes is blocking FlexNet Publisher's FNPLicensingService64.exe from accessing 169.254.169.254 as a possible Trojan.

OK. Then this message of a blockage repeats every 2 minutes.

There is not much on the web about this, although an older reference in the Revenera FNP website indicates that this may be FlexNet Publisher doing a "virtualization check", perhaps for Amazon.

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/FNP-calling-IP-address-169-254-169-254/ta-p/3069

Do you know if this is a Trojan?

I did uninstall Adobe Flashplayer entirely. But Malwarebytes continues to block FlexNet Publisher every two minutes attempts to contact 169.254.169.254

Should the blocks continue? Or is this a false positive? Should I make an exclusion?

Thanks,
Mike MacKuen

Malwarebytes Block of 254.169.254.169 (10-17-2020).txt

Link to post
Share on other sites

Greetings,

I do believe this to be a false positive and am awaiting confirmation.  In the meantime I've alerted the Research team and one of them should be along to investigate the issue soon.

Link to post
Share on other sites

I'm having the same problem this morning on start-up. Before even accessing the internet I started getting the Trojan warning blocking website at IP address 169.254.169.254, outbound on port 80

I get the same message every 2 minutes or so.

I shut down, did a fresh restart, doesn't help.

Link to post
Share on other sites

Greetings,

I believe this to be a false positive and I have alerted the Research team.  A member of Research should be along to investigate and correct the issue soon, assuming it is indeed a false positive, and they will let us know if it is not a false positive as well so that we may deal with the potential threat accordingly.

  • Like 2
Link to post
Share on other sites

I just started getting a similar detection this morning, but for SQL Express and AMD User Experience Program Master.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/17/20
Protection Event Time: 11:18 AM
Log File: 06c26aac-108c-11eb-b27a-10c37b9d8424.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1070
Update Package Version: 1.0.31510
License: Premium

-System Information-
OS: Windows 10 (Build 19041.572)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 169.254.169.254
Port: 80
Type: Outbound
File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

(end)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/17/20
Protection Event Time: 11:30 AM
Log File: a6f5f902-108d-11eb-b037-10c37b9d8424.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1070
Update Package Version: 1.0.31512
License: Premium

-System Information-
OS: Windows 10 (Build 19041.572)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 169.254.169.254
Port: 80
Type: Outbound
File: C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe

(end)

Link to post
Share on other sites
3 minutes ago, Junderscore said:

I seem to be still having this issue. Malwarebytes says it is up to date, but I keep getting the "Website blocked due to Trojan" popup every minute.

Please clear your hubble cache by doing the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.