mbam.exe outbound connections


WIN 7 x64 SP1, MBAM Pro.

Over the past month, I have seen four outbound connections in my firewall log from mbam.exe to ports 80 and 443 to IPs:

208.111.160.6

93.184.215.73

173.192.78.64 - twice

As I understand it, mbam.exe is the off-line malware scanner. Since MBAM does not use on-demand cloud lookups as I understand it, why is mbam.exe "dialing out?"

Hello DonZ:

In addition to the authoritative explanation by tedivm on Wilders, presumably your MBAM PRO's scheduler is set for periodic updates. The first two IP addresses are but two members in Malwarebytes' Content Delivery Networks (CDN) from which you receive scheduled & manual MBAM database updates.

HTH :)

Thanks for the tedivm link. Explains a lot.

I however still see an issue here. I believe MBAM doesn't have elaborate self-protection such as NIS 2011 and other anti-malware scanners employ. I have seen numerous web postings over the years how mbam.exe has been hacked. If it is desired to dial home to verify licenses and the like, I would think the present mechanism for servicing definition and program updates will suffice.

I might just end up blocking that mbam.exe connection.

> Thanks for the tedivm link. Explains a lot.
>
> I however still see an issue here. I believe MBAM doesn't have elaborate self-protection such as NIS 2011 and other anti-malware scanners employ. I have seen numerous web postings over the years how mbam.exe has been hacked. If it is desired to dial home to verify licenses and the like, I would think the present mechanism for servicing definition and program updates will suffice.
>
> I might just end up blocking that mbam.exe connection.

Over the years a lot has been made of self protection as some sort of critical component but I assure you it is not for 2 reasons.

1. If you stop the threat it will not be able to kill your software.

2. If you miss the threat it becomes the AV and if coded correctly there is nothing to stop it from killing anything in your system no matter how good the protection is.

That being said we do have plans for some limited self protection and enhanced break in technology in future releases.

One other thing to keep in mind when it comes to heavy-handed self protection. I did IT for many years prior to the MBAM project and had to deal with many hundreds of cases where the combination of a missed infection and self protection malfunctions had a system virtually bricked, requiring a boot disk to undo the damage.

Two other things are often propped up as critical but in a very real way can actually reduce protection, namely email and archive scanning. Your security software either will or will not stop a threat from entering memory. If you are told that your attachments are being scanned before you can open them, it provides a false sense of security, as even if you turned that feature off, you still could not execute the threat if your software knows that it is malware. You are better off not trusting any attachment and only opening them in a safe environment. Archive scanning can produce the same false sense of security when no actual additional protection is being provided.
