Hello,

I suddenly got this alert:

16:42:59 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49246, Process: avp.exe)

16:43:07 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49250, Process: avp.exe)

16:51:16 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49597, Process: avp.exe)

I would not ask about this but avp.exe belongs to KIS.

What does it really mean?

The site belongs to bpost.be and should be safe, just wanted to check something.

Regards.


The Malwarebytes program will block IP addresses that are potentially a threat to the user. Sometimes the program will produce what is known as a "false positive", in which case it blocks a website that is potentially a threat but in reality is not a threat. This can easily be fixed by following the steps below.

1) Visit the site again that is being blocked.

2) When the pop-up alert IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49246, Process: avp.exe) shows, click the X on the balloon and then right click on the Malwarebytes program in the system tray.

3) You will notice that Add to Ignore list option is no longer grayed out, and when you hang your mouse over it, the IP address you are having issues with will be shown. Click on the IP address and the Malwarebytes program will no longer prevent you from visiting that site.

Also please go Here and post a new topic in our false positive forums. Hope this information is helpful.


Just to add a bit of clarification here, the reason you're seeing the process as avp.exe instead of your internet browser's process (iexplore.exe, firefox.exe etc) is because Kaspersky has a feature where it hooks into your browsers and intercepts all web traffic to check for infections and malicious links so the operating system (and thus Malwarebytes' Anti-Malware as well) interprets the process accessing the site to be Kaspersky (avp.exe).

I know because I myself also use Kaspersky. I believe the same also happens with Avast! antivirus products for the same reason :).


Just to add a bit of clarification here, the reason you're seeing the process as avp.exe instead of your internet browser's process (iexplore.exe, firefox.exe etc) is because Kaspersky has a feature where it hooks into your browsers and intercepts all web traffic to check for infections and malicious links so the operating system (and thus Malwarebytes' Anti-Malware as well) interprets the process accessing the site to be Kaspersky (avp.exe).

I know because I myself also use Kaspersky. I believe the same also happens with Avast! antivirus products for the same reason :).

Thank you so much for this.

Indeed, I wondered why this happened, this makes it clear! :)


s because Kaspersky has a feature where it hooks into your browsers and intercepts all web traffic to check for infections and malicious links so the operating system (and thus Malwarebytes' Anti-Malware as well) interprets the process accessing the site to be Kaspersky (avp.exe).

I just wanted to say, thank you for that information Exile :) It's good to know! I was already about 98% sure of that anyway, but this confirms it for me :)


@ exile360: Yes, thanks for that clarification. (I am such a safe surfer that I rarely get an IP block any more, but it's nice to know why it appears as an "avp.exe" process).

One thing along these lines: when I run the "checkplaces" add-on for FF (a bookmark utility), I do get an IP block message -- apparently there is a bookmark somewhere in my list of saved bookmarks (some of which are pretty old and predate my use of MBAM) that must be on a bad IP range. The only time this pops up is when running the utility, so it must be a bookmark I don't commonly use.

But how can I backtrack from the IP to know which bookmark it is, so that I can safely delete it???

(Not wishing to hijack the OP's thread, so please feel free to split this off as a new thread, if appropriate.)

@ Haleo: Ought not the OP post the IP to the FP forum FIRST to be sure it is indeed a FP, before adding it to the ignore list, for safety's sake? (Just asking...)

Much obliged,

daledoc1
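
Added example, not part of the original thread or any poster's reply: because the log attributes the connection to avp.exe rather than to the browser or add-on, one way to trace a block back to a bookmark is to parse the IP-BLOCK lines and check which bookmarked hosts resolve to a blocked address. The function names are hypothetical, and the bookmark URLs and DNS answers in the sample are constructed.

```python
import re
import socket
from urllib.parse import urlparse

# Line format as quoted in the thread: "HH:MM:SS user IP-BLOCK a.b.c.d (Type: ..., Port: ..., Process: ...)"
LOG_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)"
)

def blocked_ips(log_lines):
    """Return {ip: [(time, process), ...]} for every IP-BLOCK line; other lines are skipped."""
    hits = {}
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m:
            hits.setdefault(m["ip"], []).append((m["time"], m["process"]))
    return hits

def system_resolver(host):
    """Resolve a host name to its current IPv4 addresses (empty set if it no longer resolves)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def bookmarks_on_blocked_ips(bookmark_urls, blocked, resolve=system_resolver):
    """Return [(url, ip)] for each bookmark whose host resolves to a blocked IP."""
    matches, cache = [], {}
    for url in bookmark_urls:
        host = urlparse(url).hostname
        if not host:
            continue  # not an http(s)-style URL, nothing to resolve
        if host not in cache:
            cache[host] = resolve(host)  # one lookup per distinct host
        matches.extend((url, ip) for ip in sorted(cache[host] & set(blocked)))
    return matches

# Constructed sample: log lines are those quoted in the thread; bookmarks and DNS answers are made up.
SAMPLE_LOG = [
    "16:42:59 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49246, Process: avp.exe)",
    "16:43:07 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49250, Process: avp.exe)",
    "16:51:16 user IP-BLOCK 95.211.19.166 (Type: outgoing, Port: 49597, Process: avp.exe)",
]
SAMPLE_BOOKMARKS = ["https://old-forum.example/thread/12", "https://news.example/"]
SAMPLE_DNS = {"old-forum.example": {"95.211.19.166"}, "news.example": {"192.0.2.10"}}

if __name__ == "__main__":
    blocked = blocked_ips(SAMPLE_LOG)
    print(bookmarks_on_blocked_ips(SAMPLE_BOOKMARKS, blocked, lambda h: SAMPLE_DNS.get(h, set())))
```

The match reflects DNS at the time the check runs, so a host that has since moved to another address will not be found, and several unrelated sites can share one address.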
