
google.com websites blocked by malwarebytes


syncronaut

8 minutes ago, Maurice Naggar said:

This is a false positive which is cured by a new Update. Please see https://forums.malwarebytes.com/topic/290367-malwarebytes-keep-prompting-outbound-connections-blocked/?do=findComment&comment=1534624

With regrets for all the trouble.

What do we do if we are an MSP managing hundreds of endpoints through OneView (which is currently down)? I can't even submit a ticket, let alone push updates to client machines. This is on the dashboard of OneView.

We are aware of longer load times accessing certain pages in the console and are actively working to resolve the issue. Your endpoints remain protected as configured via your policies. Our apologies for the inconvenience.


  • Staff
21 minutes ago, cmi-help said:

Web protection is blocking our site: www.camico.com.

Customers using Malwarebytes are the only ones reporting this issue. Files attached. Thank you.

false trojan detected.txt 722 B · 2 downloads scanned.txt 1.19 kB · 1 download

Hello, thanks for bringing this to our attention. We've reviewed the IP (was not a domain block) again and have determined it no longer warrants being blocked so we've disabled the block in our database.

Removal should be reflected in the next database update going out in a few hours or so.


  • TeMerc locked this topic
13 minutes ago, Maurice Naggar said:

This is a false positive which is cured by a new Update. Please see https://forums.malwarebytes.com/topic/290367-malwarebytes-keep-prompting-outbound-connections-blocked/?do=findComment&comment=1534624

With regrets for all the trouble.

Thank you all so much for fixing it so quickly! It's up to date and no longer throwing the warnings. Thank you again!


  • Staff
  • Solution

September 21, 2022 - False positive with Google

On September 21, 2022, users may have experienced an issue with the real-time web filtering component of our product blocking certain domains, including google.com. Once alerted to the problem, our product team resolved the issue and released an update to our web protection database (version 1.0.60360).

We apologize for the inconvenience this may have caused you and your organization and remain committed to the highest standards of product quality and technical excellence.

Cause

Why did this happen? This morning, during a routine update, an error was introduced into the Malwarebytes web filtering database which caused various domains to be inadvertently blocked. We are performing an exhaustive analysis of our process to ensure an issue of this type does not affect our customers again, and we will be putting in place new procedures as a result.

Resolution

Our product team resolved the issue and released an update to our web protection database (version 1.0.60360). This update is applied during the normal update process, and the issue should automatically resolve (in some cases, updating to the latest database may require temporarily disabling the web filtering feature).

 

https://support.malwarebytes.com/hc/en-us/articles/9752002186131-September-21-2022-False-positive-with-Google

 

Edited by Dashke

Hello, I had three instances yesterday where Steamwebhelper (an application supporting the Steam game app) flagged Outbound Connections to “youtube-ui.l.google”. The thing is that during those events I was playing a game and not making any direct interaction with youtube. I traced the IP back to what seems a legitimate data center of Google LLC in California. Is this also a false positive, i.e. can Steamwebhelper interact w/ Google/youtube in such indirect manner? I can provide full scan logs (all clean by both MBAM and ESET) and the popup log - shall I do this? Thanks very much.


On 9/21/2022 at 10:43 AM, TeMerc said:

Hello, thanks for bringing this to our attention. We've reviewed the IP (was not a domain block) again and have determined it no longer warrants being blocked so we've disabled the block in our database.

Removal should be reflected in the next database update going out in a few hours or so.

 

Hello. Nothing has changed for us. camico.com is still being blocked and is categorized as a Trojan.  Please help!

 

 

-Log Details-
Protection Event Date: 9/22/22
Protection Event Time: 1:47 PM
Log File: d0b22aee-3ab7-11ed-abee-000c29297007.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1767
Update Package Version: 1.0.60360
License: Trial

-System Information-
OS: Windows 11 (Build 22000.978)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 45.79.226.246
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

 

(end)


14 minutes ago, cmi-help said:

 

Hello. Nothing has changed for us. camico.com is still being blocked and is categorized as a Trojan.  Please help!

 

 

-Log Details-
Protection Event Date: 9/22/22
Protection Event Time: 1:47 PM
Log File: d0b22aee-3ab7-11ed-abee-000c29297007.json

-Software Information-
Version: 4.5.14.210
Components Version: 1.0.1767
Update Package Version: 1.0.60360
License: Trial

-System Information-
OS: Windows 11 (Build 22000.978)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 45.79.226.246
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

 

(end)

Have you tried doing an update to the latest version of Malwarebytes? That was a problem yesterday with most sites and the update pretty much fixed it right away. Try doing that. Settings/About/Check for updates.


Yes we've tried manually updating, restarting the service and rebooting throughout the days. No change. My version numbers were posted. Are they old?

This morning there's no change in version numbers for me when I manually update. Can you access camico.com with Malwarebytes running? 

We don't use this in our own environment, aside from the several installs in our testing environment. All installs of ours are still showing blocked. Our customers that have Malwarebytes installed are telling us this is happening. 

Thanks in advance. 


43 minutes ago, cmi-help said:

Yes we've tried manually updating, restarting the service and rebooting throughout the days. No change. My version numbers were posted. Are they old?

This morning there's no change in version numbers for me when I manually update. Can you access camico.com with Malwarebytes running? 

We don't use this in our own environment, aside from the several installs in our testing environment. All installs of ours are still showing blocked. Our customers that have Malwarebytes installed are telling us this is happening. 

Thanks in advance. 

The updates that will correct this block and others are paused at this time,

Please Reference:

September 21, 2022 - False positive with Google

 

PDF Contents:

Quote

ROOT CAUSE ANALYSIS:
Malwarebytes Nebula/MBAM - Web Protection False Positive
22 Sept 2022
Revision: 1.2 Date: 22 Sept 2022
Malwarebytes Customer Confidential

Malwarebytes Products Affected:

• Nebula cloud products
  o Malwarebytes Endpoint Protection
  o Malwarebytes Endpoint Protection for Servers
  o Malwarebytes Endpoint Detection and Response
  o Malwarebytes Endpoint Detection and Response for Servers
• Malwarebytes OneView
• Malwarebytes 4

Event Description:

On 21 September 2022 (06:48 PDT), customers using the above-listed products began reporting the blocking of certain domains, including google.com. Upon learning of the issue, the Malwarebytes engineering team worked rapidly to resolve the issue by introducing a rollback procedure to correct the problem with version 1.0.60360. (8:25 PDT). Upon further investigation, it was discovered that unwanted blocking started in version 1.0.60357 where, during an effort to centralize and standardize rules in our repository engine, an error was introduced into the web filtering database. This error caused various domains to be inadvertently blocked.

As of 22 September 2022 (9:22 PDT), Malwarebytes has fixed the root cause for this issue and added additional system checks to prevent any similar scenarios from happening again. We continue to identify additional areas for improvement to further improve reliability and limit false positives.

We plan to resume all updates for our products shortly. In the meantime, our cloud protection technologies are providing added protection to our customers until all other signature updates are released.

We appreciate your patience as we continue to review existing processes and make additional improvements.

Corrective Actions Taken

The following Corrective Actions have been identified:

• A database update was made (version 1.0.60360) available for all users which removed the offending rules. This prevents the false positive from occurring for any customer.
• New system checks were added to prevent the same scenario from happening again.
• Malwarebytes Support advised customers to disable web filtering until the product is automatically updated to the latest version (1.060360 or higher), which resolves the issue.
• Malwarebytes is continuing to perform exhaustive analysis of our processes to ensure this type of issue does not affect our customers again.

What Should Affected Users Do?

Updating the database to version 1.0.60360 (or newer) should prevent the blocks from occurring.

Our Commitment to Our Customers:

We are putting in place new procedures to prevent any future incidents. We sincerely apologize for the inconvenience caused to our business partners and remain committed to maintaining the highest standards of product quality and technical excellence.

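An added example, not part of any post in this thread and not Malwarebytes code: a triage helper that parses the exported protection-event text posted above and uses the database versions from the root cause analysis (blocking started in 1.0.60357, corrected in 1.0.60360) to separate blocks that fall inside the faulty range from blocks that persist on a corrected database. The function names and category labels are assumptions.

```python
import re

# Boundaries from the root cause analysis quoted in this thread.
FIRST_BAD = (1, 0, 60357)  # unwanted blocking started in this database
FIXED = (1, 0, 60360)      # database that removed the offending rules

# Trimmed copy of the event posted in this thread.
THREAD_LOG = r"""-Software Information-
Update Package Version: 1.0.60360
-Blocked Website Details-
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain:
IP Address: 45.79.226.246
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"""
# Constructed sample: same layout, database inside the faulty range.
CONSTRUCTED_LOG = (THREAD_LOG.replace("1.0.60360", "1.0.60358")
                   .replace("Domain:", "Domain: google.com")
                   .replace("45.79.226.246", "192.0.2.10"))

def parse_event(text):
    """Return {section: {field: value}} for one exported protection event."""
    event, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"-([A-Za-z ]+)-", line)
        field = re.fullmatch(r"([A-Za-z][A-Za-z ]*):\s*(.*)", line)
        if header:
            section = event.setdefault(header.group(1), {})
        elif field and section is not None:
            section[field.group(1)] = field.group(2)
    return event

def classify(event):
    """Attribute a block to the 21 Sept regression or to a separate rule."""
    raw = event.get("Software Information", {}).get("Update Package Version", "")
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        return "unknown-database-version"
    db = tuple(map(int, m.groups()))
    if FIRST_BAD <= db < FIXED:
        return "regression-window"  # update the database, then re-test
    has_domain = bool(event.get("Website Data", {}).get("Domain"))
    return "separate-domain-block" if has_domain else "separate-ip-block"

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, classify(parse_event(log)))
```

Events classified outside the regression window will not clear by moving to 1.0.60360 and are the ones to submit as individual false-positive reports.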

Just now, wpc09 said:

It is not late on September 23, 2022 and Malwarebytes continues to block all Google sites. I have asked Malwarebytes to update itself several times over the past 48 hours and it is not updating to the fix.

Something is not right there.

Please start a new topic and we can work with you in the new topic.
