
I am using the free version (4.16.7) on a MacBook Pro (16" 2019), MacOS 12.15.1. PiHole reports blocking traffic to telemetry.malwarebytes.com every 5 minutes. In Malwarebytes preferences, the item "Usage and Threat Statistics" is unchecked. I do not have Malwarebytes installed on any other devices, and I have verified that the IP address reported by PiHole is my laptop.

Why is Malwarebytes trying to make connections to telemetry.malwarebytes.com?


Bill Halberstadt

 


I have observed the same and suppose I should have challenged it here long ago. I'm not sure what pi-hole blacklist it's included in, but obviously somebody believes the connection to include tracking or other types of data that needs to be blocked. I would gratefully whitelist it if I learn that providing this connection would be mutually beneficial to Malwarebytes and me.


1 hour ago, BillHalberstadt said:

Can anyone from Malwarebytes comment on why Malwarebytes free is "phoning home" even with its "Usage and Threat Statistics" option unchecked?

There is one daily check-in sent to telemetry.malwarebytes.com, regardless of the status of that setting. (This is the "client data.") This just sends some basic info, like Malwarebytes version, macOS version, hardware architecture, license state, etc - nothing that is sensitive. It will normally be sent only once per day... but if the connection fails, it will retry periodically. I suspect that, because there is a network connection, but the connection to that server is being blocked, the software is probably seeing this as a temporary issue and the retries are more frequent.

Just FYI, the data that is not sent when you turn off that option is:

  • Data on protection-related activity (scans, RTP events) and any detections
    • This data does not include copies of files that were detected
  • Data on how you interact with the app... i.e., buttons you click, etc.
    • This helps us understand how people interact with the app

None of this data is shared with any other parties; it's solely for our own use to better understand what kinds of threats our customers are seeing and what parts of the app people aren't interacting with (which may indicate unclear user interface or a feature that people don't find useful), so that we can ensure we're protecting folks as well as we can. We are absolutely not in the business of monetizing data about our users.

I personally work a lot with the detection data. It helps me better understand the threats that are out there in the wild. For example, I can see that certain threats that may get a lot of news coverage aren't found on any of our customers' machines, or threats that aren't getting any attention are very widely-distributed. This helps me understand the threat landscape and know how to communicate with customers. It also helps me spot any potential for ways we could improve our detections.

Anyway, long story short, if you unblock telemetry.malwarebytes.com, the client data is pretty insignificant, and nothing else will get sent to the telemetry server with the Usage and Threat Statistics option turned off. You can also opt to continue blocking it, but you'll continue to see those entries in the logs.

This topic is now closed to further replies.
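An added example, not part of the thread and not Malwarebytes or Pi-hole code: a way to check from the Pi-hole side whether the five-minute entries match the retry pattern described in the last reply, by measuring the gap between queries per client and blocked name. It assumes dnsmasq-style query log lines; the sample lines, the client addresses, the year default and the `summarize` / `retry_loops` names are constructed for illustration.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample lines in an assumed dnsmasq-style format (not from the thread).
SAMPLE_LOG = """\
Mar  3 09:00:02 dnsmasq[812]: query[A] telemetry.malwarebytes.com from 192.168.1.23
Mar  3 09:00:02 dnsmasq[812]: gravity blocked telemetry.malwarebytes.com is 0.0.0.0
Mar  3 09:02:10 dnsmasq[812]: query[A] example.org from 192.168.1.40
Mar  3 09:05:03 dnsmasq[812]: query[A] telemetry.malwarebytes.com from 192.168.1.23
Mar  3 09:05:03 dnsmasq[812]: gravity blocked telemetry.malwarebytes.com is 0.0.0.0
Mar  3 09:10:01 dnsmasq[812]: query[A] telemetry.malwarebytes.com from 192.168.1.23
Mar  3 09:10:01 dnsmasq[812]: gravity blocked telemetry.malwarebytes.com is 0.0.0.0
Mar  3 09:15:04 dnsmasq[812]: query[A] telemetry.malwarebytes.com from 192.168.1.23
Mar  3 09:15:04 dnsmasq[812]: gravity blocked telemetry.malwarebytes.com is 0.0.0.0
"""

QUERY = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
BLOCKED = re.compile(r": gravity blocked (\S+) is ")

def summarize(log_text, year=2024):
    """Per (client, domain): query count, median gap in seconds, blocked flag."""
    times, blocked = {}, set()
    for line in log_text.splitlines():
        m = QUERY.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse syslog day padding
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            times.setdefault((m.group(3), m.group(2)), []).append(ts)
        elif (b := BLOCKED.search(line)):
            blocked.add(b.group(1))
    report = {}
    for (client, domain), seen in times.items():
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        report[(client, domain)] = {
            "queries": len(seen),
            "median_gap_s": median(gaps) if gaps else None,
            "blocked": domain in blocked,
        }
    return report

def retry_loops(report, daily_s=86400, min_queries=3):
    """Blocked names queried far more often than a once-a-day check-in would need."""
    return sorted(k for k, v in report.items()
                  if v["blocked"] and v["queries"] >= min_queries
                  and v["median_gap_s"] < daily_s / 24)
```

A median gap near 300 seconds for a blocked name is consistent with the retry behaviour described in the reply; the same analysis run after unblocking the name would show whether the queries fall back to roughly one per day.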