oldschoolblue Posted September 21, 2022 ID:1534662

> 38 minutes ago, jmargel said:
> Yep I can't login to Nebula to get my clients updated.

Try again. I've been in it all morning but everything has been broken. Just tried again and it is responding like normal now.

Porthos Posted September 21, 2022 ID:1534665

Nebula users might have to wait until the auto database update.

Spyderturbo007 Posted September 21, 2022 ID:1534669

> 8 minutes ago, Maurice Naggar said:
> This is a false positive which is cured by a new Update. Please see https://forums.malwarebytes.com/topic/290367-malwarebytes-keep-prompting-outbound-connections-blocked/?do=findComment&comment=1534624
> With regrets for all the trouble.

What do we do if we are a MSP managing hundreds of endpoints through OneView (which is currently down)? I can't even submit a ticket let alone push updates to client machines. This is on the dashboard of OneView.

> We are aware of longer load times accessing certain pages in the console and are actively working to resolve the issue. Your endpoints remain protected as configured via your policies. Our apologies for the inconvenience.

Barbara_M Posted September 21, 2022 ID:1534670

That’s Google adserve not adverse (stupid spellcheck). Also things seemed to start after I updated Firefox. The first site I opened which was Accuweather.

TeMerc (Staff) Posted September 21, 2022 ID:1534671

> 21 minutes ago, cmi-help said:
> Web protection is blocking our site: www.camico.com. Customers using Malwarebytes are the only ones reporting this issue. Files attached. Thank you.
> (Attachments: false trojan detected.txt, scanned.txt)

Hello, thanks for bringing this to our attention. We've reviewed the IP(was not a domain block) again and have determined it no longer warrants being blocked so we've disabled the block in our database. Removal should be reflected in the next database update going out in a few hours or so.

Maurice Naggar Posted September 21, 2022 ID:1534672

For Spyderturbo007 there is a specific section of forum for business "ENDPOINTS"

kelizabeth Posted September 21, 2022 ID:1534674

> 13 minutes ago, Maurice Naggar said:
> This is a false positive which is cured by a new Update. Please see https://forums.malwarebytes.com/topic/290367-malwarebytes-keep-prompting-outbound-connections-blocked/?do=findComment&comment=1534624
> With regrets for all the trouble.

Thank you all so much for fixing it so quickly! It's up to date and no longer throwing the warnings. Thank you again!

Maurice Naggar Posted September 21, 2022 ID:1534678

@Spyderturbo007 If your organization has the Nebula product, see section https://forums.malwarebytes.com/forum/268-malwarebytes-nebula/

Porthos Posted September 21, 2022 ID:1534679

This has been fixed by a database update. Please do a manual update.

Spyderturbo007 Posted September 21, 2022 ID:1534680

@Maurice Naggar Thanks! It looks like they have updated the database and it just took some time to propagate to the clients. I'm getting reports that the issue has ceased.

rgrosz789 Posted September 21, 2022 ID:1534682

Now this error NO longer appears - thanks for resolving it!

Dashke (Staff, Solution) Posted September 21, 2022 ID:1534694 (edited September 21, 2022 by Dashke)

September 21, 2022 - False positive with Google

On September 21, 2022, users may have experienced an issue with the real-time web filtering component of our product blocking certain domains, including google.com. Once alerted to the problem, our product team resolved the issue and released an update to our web protection database (version 1.0.60360). We apologize for the inconvenience this may have caused you and your organization and remain committed to the highest standards of product quality and technical excellence.

Cause

Why did this happen? This morning, during a routine update, an error was introduced into the Malwarebytes web filtering database which caused various domains to be inadvertently blocked. We are performing an exhaustive analysis of our process to ensure an issue of this type does not affect our customers again, and we will be putting in place new procedures as a result.

Resolution

Our product team resolved the issue and released an update to our web protection database (version 1.0.60360). This update is applied during the normal update process, and the issue should automatically resolve (in some cases, updating to the latest database may require temporarily disabling the web filtering feature).

https://support.malwarebytes.com/hc/en-us/articles/9752002186131-September-21-2022-False-positive-with-Google

BMD Posted September 22, 2022 ID:1534797

Problem now seems to have fixed itself without action.

overclockable Posted September 22, 2022 ID:1534814

Hello, I had three instances yesterday where Steamwebhelper (an application supporting the Steam game app) flagged Outbound Connections to “youtube-ui.l.google”. The thing is that during those events I was playing a game and not making any direct interaction with youtube. I traced the IP back to what seems a legitimate data center of Google LLC in California. Is this also a false positive, i.e. can Steamwebhelper interact w/ Google/youtube in such indirect manner? I can provide full scan logs (all clean by both MBAM and ESET) and the popup log - shall I do this? Thanks very much.

Porthos Posted September 22, 2022 ID:1534859

> 5 hours ago, overclockable said:
> Is this also a false positive, i.e. can Steamwebhelper interact w/ Google/youtube in such indirect manner?

Yes it can.

cmi-help Posted September 22, 2022 ID:1534915

> On 9/21/2022 at 10:43 AM, TeMerc said:
> Hello, thanks for bringing this to our attention. We've reviewed the IP(was not a domain block) again and have determined it no longer warrants being blocked so we've disabled the block in our database. Removal should be reflected in the next database update going out in a few hours or so.

Hello. Nothing has changed for us. camico.com is still being blocked and is categorized as a Trojan. Please help!

-Log Details-
Protection Event Date: 9/22/22
Protection Event Time: 1:47 PM
Log File: d0b22aee-3ab7-11ed-abee-000c29297007.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1767
Update Package Version: 1.0.60360
License: Trial

-System Information-
OS: Windows 11 (Build 22000.978)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 45.79.226.246
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

(end)

VELINDA Posted September 22, 2022 ID:1534916

Did you try manually updating Malwarebytes? That worked for me.

langshipley Posted September 22, 2022 ID:1534917

> 14 minutes ago, cmi-help said:
> Hello. Nothing has changed for us. camico.com is still being blocked and is categorized as a Trojan. Please help!
>
> -Log Details-
> Protection Event Date: 9/22/22
> Protection Event Time: 1:47 PM
> Log File: d0b22aee-3ab7-11ed-abee-000c29297007.json
>
> -Software Information-
> Version: 4.5.14.210
> Components Version: 1.0.1767
> Update Package Version: 1.0.60360
> License: Trial
>
> -System Information-
> OS: Windows 11 (Build 22000.978)
> CPU: x64
> File System: NTFS
> User: System
>
> -Blocked Website Details-
> Malicious Website: 1
> , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,
>
> -Website Data-
> Category: Trojan
> Domain:
> IP Address: 45.79.226.246
> Port: 443
> Type: Outbound
> File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
>
> (end)

Have you tried doing an update to the latest version of Malwarebytes? That was a problem yesterday with most sites and the update pretty much fixed it right away. Try doing that. Settings/About/Check for updates.

langshipley Posted September 22, 2022 ID:1534919

Have you tried doing an update to the latest version of Malwarebytes? That was a problem yesterday with most sites and the update pretty much fixed it right away. Try doing that. Settings/About/Check for updates.

cmi-help Posted September 23, 2022 ID:1535054

Yes we've tried manually updating, restarting the service and rebooting throughout the days. No change. My version numbers were posted. Are they old? This morning there's no change in version numbers for me when I manually update. Can you access camico.com with Malwarebytes running? We don't use this in our own environment, aside from the several installs in our testing environment. All installs of ours are still showing blocked. Our customers that have Malwarebytes installed are telling us this is happening. Thanks in advance.

Porthos Posted September 23, 2022 ID:1535069

> 43 minutes ago, cmi-help said:
> Yes we've tried manually updating, restarting the service and rebooting throughout the days. No change. My version numbers were posted. Are they old? This morning there's no change in version numbers for me when I manually update. Can you access camico.com with Malwarebytes running? We don't use this in our own environment, aside from the several installs in our testing environment. All installs of ours are still showing blocked. Our customers that have Malwarebytes installed are telling us this is happening. Thanks in advance.

The updates that will correct this block and others are paused at this time. Please Reference: September 21, 2022 - False positive with Google

PDF Contents:

> ROOT CAUSE ANALYSIS: Malwarebytes Nebula/MBAM - Web Protection False Positive 22 Sept 2022
> Revision: 1.2
> Date: 22 Sept 2022
> Malwarebytes Customer Confidential
>
> Malwarebytes Products Affected:
> • Nebula cloud products
>   o Malwarebytes Endpoint Protection
>   o Malwarebytes Endpoint Protection for Servers
>   o Malwarebytes Endpoint Detection and Response
>   o Malwarebytes Endpoint Detection and Response for Servers
> • Malwarebytes OneView
> • Malwarebytes 4
>
> Event Description:
> On 21 September 2022 (06:48 PDT), customers using the above-listed products began reporting the blocking of certain domains, including google.com. Upon learning of the issue, the Malwarebytes engineering team worked rapidly to resolve the issue by introducing a rollback procedure to correct the problem with version 1.0.60360. (8:25 PDT). Upon further investigation, it was discovered that unwanted blocking started in version 1.0.60357 where, during an effort to centralize and standardize rules in our repository engine, an error was introduced into the web filtering database. This error caused various domains to be inadvertently blocked.
>
> As of 22 September 2022 (9:22 PDT), Malwarebytes has fixed the root cause for this issue and added additional system checks to prevent any similar scenarios from happening again. We continue to identify additional areas for improvement to further improve reliability and limit false positives. We plan to resume all updates for our products shortly. In the meantime, our cloud protection technologies are providing added protection to our customers until all other signature updates are released. We appreciate your patience as we continue to review existing processes and make additional improvements.
>
> Corrective Actions Taken
> The following Corrective Actions have been identified:
> • A database update was made (version 1.0.60360) available for all users which removed the offending rules. This prevents the false positive from occurring for any customer.
> • New system checks were added to prevent the same scenario from happening again.
> • Malwarebytes Support advised customers to disable web filtering until the product is automatically updated to the latest version (1.060360 or higher), which resolves the issue.
> • Malwarebytes is continuing to perform exhaustive analysis of our processes to ensure this type of issue does not affect our customers again.
>
> What Should Affected Users Do?
> Updating the database to version 1.0.60360 (or newer) should prevent the blocks from occurring.
>
> Our Commitment to Our Customers:
> We are putting in place new procedures to prevent any future incidents. We sincerely apologize for the inconvenience caused to our business partners and remain committed to maintaining the highest standards of product quality and technical excellence.

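For anyone sorting through many exported protection events after this incident, the sketch below is an added example (not Malwarebytes code and not part of any post) that reads the "Update Package Version" field and separates endpoints still on the faulty database range from blocks that persist on the fixed database, as in cmi-help's log. The field names and the two version numbers come from the thread; the function names, action labels and the second sample log are assumptions made for illustration.

```python
import re

# Versions from the root cause analysis quoted above.
FIRST_BAD = (1, 0, 60357)  # unwanted blocking started here
FIXED = (1, 0, 60360)      # rollback release that removed the rules

FIELDS = {
    "db_version": r"Update Package Version:\s*(\d+(?:\.\d+)+)",
    "category": r"Category:\s*(\S+)",
    "domain": r"Domain:\s*(.*?)\s*IP Address:",  # empty for IP-only blocks
    "ip": r"IP Address:\s*(\S+)",
}

# Abridged from the log posted in this thread.
ON_FIXED_DB = """-Software Information-
Update Package Version: 1.0.60360
-Website Data-
Category: Trojan
Domain:
IP Address: 45.79.226.246
Port: 443
"""

# Constructed sample: an endpoint still on a database from the faulty range.
STALE_DB = """-Software Information-
Update Package Version: 1.0.60358
-Website Data-
Category: Trojan
Domain: google.com
IP Address: 203.0.113.10
Port: 443
"""

def parse_event(text):
    """Pull the triage fields out of a multi-line or flattened event log."""
    found = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.DOTALL)
        found[name] = (m.group(1) or None) if m else None
    return found

def triage(text):
    """Return (action, fields) for one exported protection event."""
    ev = parse_event(text)
    if ev["db_version"] is None:
        return "unparsed", ev
    version = tuple(int(part) for part in ev["db_version"].split("."))
    if version >= FIXED:
        return "investigate-separate-block", ev  # not caused by the bad update
    if version >= FIRST_BAD:
        return "update-database", ev             # still on the faulty range
    return "predates-incident", ev
```

A block that survives on database 1.0.60360 or newer is a separate entry and needs its own false-positive report rather than another update attempt.
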
Porthos Posted September 23, 2022 ID:1535079

Please update now. Updates seem to be resumed.

wpc09 Posted September 24, 2022 ID:1535176

It is not late on September 23, 2022 and Malwarebytes continues to block all Google sites. I have asked Malwarebytes to update itself several times over the past 48 hours and it is not updating to the fix.

Porthos Posted September 24, 2022 ID:1535177

> Just now, wpc09 said:
> It is not late on September 23, 2022 and Malwarebytes continues to block all Google sites. I have asked Malwarebytes to update itself several times over the past 48 hours and it is not updating to the fix.

Something is not right there. Please start a new topic and we can work with you in the new topic.

desius1 Posted September 28, 2022 ID:1535688

Problem is resolved after self update. Thank you everyone for the help.