Firewall Blocking Malwarebytes

huffman

When I got up this morning I had a popup indicating that Malwarebytes was being blocked by the Microsoft Firewall.

I have never seen this before but I tried to unblock it but Malwarebytes is NOT listed in the programs being blocked by the Firewall.

I guess I could uninstall Malwarebytes and then reinstall it but I don't believe this would cure the problem.

Does anyone have a suggestion??
 

My Computer

OS
Windows 7 Pro
CPU
Intel(R) Pentium(R) Duel CPU E2200 2.20 Ghz
Motherboard
GA-G41M-ES2L
Memory
4 gb 2.96 Usable
Graphics Card(s)
Onboard
Sound Card
Onboard
Hard Drives
2 - 1TB WD Sata Drives
BTW here is the popup I am seeing:

mal.jpg
 

Hi:

That sounds rather unusual.
MBAM and the native Windows firewall usually play together just fine.
And if things *were* working OK previously, but now you are getting a "conflict", something must have changed on the system to create that.

>>Are you running the current MBAM version (2.2.0.1024)?
>>Aside from the Windows firewall, what are your other security applications?
>>Can you please provide a screen shot or the exact wording of the message?

Yes, you could try a proper clean reinstall of MBAM. The "best practices" for that are here: MBAM Clean Removal Process 2x.
>Be sure to have your license info handy before you start.
>Be sure to reboot when prompted by the removal tool.
>It's a good idea to reboot again AFTER the reinstall.

Another thing to try would be setting mutual exclusions between MBAM and your AV and firewall.
This is NOT normally needed for the Windows firewall or MSE.
So, while it may resolve your issue, I'm not sure why you would need to do this, unless something else is amiss or creating conflicts (e.g. too many security applications).
If you want to go that route, let me know, and I will provide instructions.

Please let us know how it goes,

MM
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Studio XPS 8500
OS
OEM Windows 7 Ult (x64) SP1
CPU
Intel Core-i7 3770 @ 3.4 GHz
Motherboard
"Dell" branded
Memory
16 GB DDR3 SDRAM @ 1333 MHz
Graphics Card(s)
NVidia GeForce GT620 1 GB
Sound Card
THX TruStudio PC
Monitor(s) Displays
Dell U2410 Full HD
Hard Drives
2.0 TB SATA2 @ 7200 RPM
PSU
350W
Keyboard
MS 4000 Ergon - Wired
Mouse
Logitech Anywhere MX
Internet Speed
Cable HSI w/Turbo (router)
Antivirus
KIS-MBAM Premium-MBAE Premium
Browser
Fx (current version); IE
Other Info
And a Win7/64 Pro laptop; And a Win10/64 Pro desktop.
Ahhhhhhhhhhh.
Our posts crossed in cyberspace....


That is an entirely different "problem".
That is NOT Windows firewall blocking MBAM.
That is the MBAM web/IP blocking module generating IP blocks when using P2P software.

That is not a problem at all.
That is a normal expected behavior when running torrents or other P2P.
MBAM is just doing its job.
This explains why and how to *safely* deal with the blocks: Why does Malwarebytes Anti-Malware block BitTorrent or other Peer-to-Peer Programs?

Please let us know if this explains/resolves your issue.

Thanks,
MM
 

"When I got up this morning I had a popup indicating that Malwarebytes was being blocked by the Microsoft Firewall."
?
Your image doesn't say windows firewall is blocking anything :/
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom assembled by me :}
OS
Win-7-Pro64bit 7-H-Prem-64bit
CPU
i7-5930K 2nd i9-9940x both water blocked VRM's too
Motherboard
ASUS SABERTOOTH X99 2nd ASUS x299 Apex
Memory
Trident-z 3200C14 2nd Trident-z 3600C16
Graphics Card(s)
EVGA 1080ti ftw3 2nd Titan Xp both water blocked
Sound Card
Built-in Realtek
Monitor(s) Displays
1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution
1920 x 1080 144Hz
Hard Drives
2-Samsung M.2 Evo & Evo Plus
2-Samsung 850 EVO 500GB SSD's/ 3-2.5 W.D. Black 1tb-&3-1tb/3-3.5 WD Black 1tb hdd's
PSU
EVGA SuperNOVA 1000-P2 2nd 1200-P2
Case
2-Corsair Obsidian Series 450D Black ATX Mid Tower
Cooling
Custom water loops
Keyboard
Logitech G710+/ 2nd Logitech G910
Mouse
2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
Internet Speed
Comcast Ping 19ms 89.31mbps download speed 6.12mbps upload
Antivirus
Malwarebytes Pro/ Superantispyware Pro
Browser
FireFox & Pale moon
Other Info
2nd ASUS X299 Apex/Intel i9-9940x with Custom water loop/7H-Prem-x64/Corsair 450D case/Ram Trident-z 3600C16 4x8gb / Samsung970Evo plus 500gb SSD/Dual ssd EZ swap evo/PSU EVGA SuperNova 1200w-P2 80+Platinum/GPU Titan Xp /8-ML-140 on push-pull on 2-280GTX rads
MoxieMomma is absolutely correct. MalwareBytes is blocking a seed or peer attempting to connect to your bittorrent program. It's very likely a false positive, and you can whitelist the IP in malwarebytes if you wish, but, as MM stated, this is not a "problem"; it's simply MalwareBytes doing its job!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP Pavillion Elite HPE-590t
OS
Win7 Home Premium x64
CPU
Intel Core i7 Extreme 990X @ 3.47GHz x6
Motherboard
PEGATRON CORPORATION 2A86
Memory
16GB DDR3
Graphics Card(s)
NVidia GeForce GTX460
Monitor(s) Displays
Samsung SyncMaster 2443ewx
Screen Resolution
1920x1200
Hard Drives
160 GB SSD @ 2 TB 7200 Internal
750 GB HP, 2 TB WD, 2 TB Samsung External & 3 TB G-Tech firewire external
I see now that MWBs is doing the blocking. I followed instructions on how to disable. I expect it is still blocking but just NOT telling me.

I hope this is NOT the case.
 

"I see now that MWBs is doing the blocking. I followed instructions on how to disable. I expect it is still blocking but just NOT telling me.

I hope this is NOT the case."

Did you disable the notifications or did you disable malicious IP/website blocking?

If you disabled the notifications, please be aware that there is no way (at this time) to selectively disable ONLY the IP block notifications. So, you will have no way of knowing if other, non-critical notifications from MBAM are also being blocked. You'll probably want to keep an eye on your daily protection & scan logs (Dashboard > History > Application Logs) to monitor for other events.

If you disabled the entire website blocking module, then you have created a significant security vulnerability.
The use of torrents ("legal" or not) is a good way to get infected. The MBAM IP/website blocking module is there to protect you from this common malware vector. MBAM (the acronym/abbreviation we use is not "MWBs") will nag you about having disabled this key protection component (as would your AV if you disabled any of its key components).

Cheers,
 

"It's very likely a false positive, and you can whitelist the IP in malwarebytes if you wish,"

Respectfully disagree.
It is likely NOT a F/P.
A F/P means that MBAM is blocking an IP that is "clean".
Given the way that torrents work, it is much more likely that it is a legitimate block and that MBAM is doing its job correctly.
Moreover, there is no need to "whitelist" such blocked IPs, as the blocks generally have no impact on the P2P performance.
IOW the IP block popup notifications are merely a "cosmetic" issue.
"Whitelisting" those IPs would be unsafe and defeats the purpose of running the malicious website protection module.

This explains why: Why does Malwarebytes Anti-Malware block BitTorrent or other Peer-to-Peer Programs?

If you really think that a particular IP block arising from your torrent software *might be* a False Positive, then I suggest starting with THIS PINNED TOPIC for instructions and then submitting the requested info in a new post in the website blocking F/P section of the MBAM forum HERE.
The research team will review the info and determine whether or not it might be safe to remove the block on a particular IP.

Cheers,

MM
 

The IP comes from Bangladesh ... don't think I'd let it through!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
"The use of torrents ("legal" or not) is a good way to get infected."

That's not correct. Use of torrents themselves has nothing to do with getting infected or not. It's what the torrent carries that might be dangerous (pretty much in the same way as any download obtained in any other imaginable way).

About that particular block, the fact that the antivirus blacklists it may mean there is a seedbox running there, serving many other unrelated torrents, some of them possibly malicious. It's not unreasonable to leave the thing blocked just to be on the safe side, but generally this type of thing tends to be a false positive, as long as it's just the torrent client making the connection.

To be extra careful, the ideal thing to do is to harden your torrent client. Run it in a separate user account, so if that ever finds a vulnerability the damage is vastly restricted. Blocking the connection outright is not a crazy idea too.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba Sattelite A665-S6092
OS
Windows 7 Ultimate x64
CPU
Intel Core i7-740QM
Memory
8 GB DDR3
Graphics Card(s)
NVIDIA GeForce 330GT
Screen Resolution
1366x768
Hard Drives
Samsung 840 SSD 500GB
1TB USB3 external HD
Cooling
Coolermaster Notepal U3 notebook cooling pad
Internet Speed
3mbps ASDL
Antivirus
ClamWin 0.98.7
Browser
Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)
I surely must be crazy because if Malwarebytes doesn't like something I don't want it on my computer.

Then again I don't use P2P or Torrents of any kind.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Hi :D

"The use of torrents ("legal" or not) is a good way to get infected."

"That's not correct. Use of torrents themselves has nothing to do with getting infected or not. It's what the torrent carries that might be dangerous (pretty much in the same way as any download obtained in any other imaginable way)."

I don't use torrents or any P2P, but it seems like a bit of an artificial distinction to separate the "what" from the "how", especially for basic computer users.
While advanced users may be able to deploy specific strategies to "harden" their torrents, it's well described and reported all over security fora (and has been for years) that they are indeed a means of becoming infected, especially for users who don't take added precautions.

And it's simply NOT true (and a dangerous assumption) that the IPs blocked by MBAM in real-time are "false positives", including the IP reported by the OP. They are being blocked for a reason.
This explains why: Why does Malwarebytes Anti-Malware block BitTorrent or other Peer-to-Peer Programs?

And their blocks are largely cosmetic, having no impact on the torrent/P2P performance.
Ignoring or whitelisting those IPs would be considered "softening", not hardening, one's defenses.
In fact, for most basic computer users, adding ANYTHING to the MBAM malware or IP whitelists (except perhaps for one's AV and other security applications) should be done with extreme caution.
A safer approach is to submit the files (for malware) or the IPs/URLs (for IP/website) to the MBAM Research Team for evaluation BEFORE ignoring or whitelisting or excluding them.

I make no claim to being an expert in either torrents or computer security. I am just a home user.
And my replies here are posted from that perspective and from that of a volunteer helper at MBAM forum, to explain the behavior reported by the OP in this thread, with "safe" advice.

As such, I do not wish to participate in a heated debate about the virtues or lack thereof for torrents or other P2P software. :D

Cheers,
MM
 

Very well said MoxieMomma.
It's been known for years that P2P and/or torrents are one of the best ways to get infected. It's not news; well yes it is to some.
That is why I, them, we and others post warnings about using such a method of downloading.
That is why security programs give pop-ups to warn users.

I have been downloading off the internet for years and never had to use a P2P or torrent.
 

Where you get the torrent from, like where you get ANYTHING from, is what matters. A fantastic example, a few years back, a television show, Pioneer 1, was distributed via torrent. If you wanted to see the show, you torrented it. Most (if not all) torrent clients have built in hash-checking, assuring that what you download is only the original, uncorrupted files that were originally seeded. Even if one person in that swarm is infected/is a spammer, etc, you cannot catch anything from them, as any corrupted pieces will not pass the hash check.

Now, if you grab anything and everything off of public torrent sites, without regard for who the uploader is, and any comments that may be made about the files, yes, you are very likely to get infected. But the same can be said if you download what you want from some random website that you don't know and trust. It's always about getting your documents from trusted sources.
 

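The piece hash check described in the last post above, sketched as an added example that is not part of the original thread: a BitTorrent v1 metainfo file carries one 20-byte SHA-1 digest per piece, and a client keeps a received piece only if it matches. The payload, the tiny piece size and all function names here are constructed for illustration.

```python
import hashlib

PIECE_LEN = 16   # constructed, tiny for readability; real torrents use far larger pieces
SHA1_LEN = 20    # v1 metainfo stores one 20-byte SHA-1 digest per piece

def split(data: bytes, piece_len: int = PIECE_LEN) -> list[bytes]:
    return [data[i:i + piece_len] for i in range(0, len(data), piece_len)]

def make_piece_hashes(data: bytes) -> bytes:
    """Concatenated SHA-1 digests, laid out like the metainfo 'pieces' field."""
    return b"".join(hashlib.sha1(p).digest() for p in split(data))

def accept_piece(pieces: bytes, index: int, received: bytes) -> bool:
    """Keep a piece only if its SHA-1 equals the digest published for that index."""
    expected = pieces[index * SHA1_LEN:(index + 1) * SHA1_LEN]
    return hashlib.sha1(received).digest() == expected

def download(pieces: bytes, offers: list[list[bytes]]) -> bytes:
    """offers[i] holds copies of piece i from different peers, in arrival order.
    The first copy that verifies is kept; copies that fail are discarded."""
    out = []
    for index, candidates in enumerate(offers):
        good = next((c for c in candidates if accept_piece(pieces, index, c)), None)
        if good is None:
            raise ValueError(f"no valid copy of piece {index}")
        out.append(good)
    return b"".join(out)

# Constructed sample: what the original uploader seeded, and its published hashes.
ORIGINAL = b"constructed sample payload, seeded by the uploader"
PIECES = make_piece_hashes(ORIGINAL)

def demo() -> tuple[bool, bool]:
    chunks = split(ORIGINAL)
    tampered = b"X" + chunks[1][1:]          # one peer alters piece 1
    offers = [[c] for c in chunks]
    offers[1] = [tampered, chunks[1]]        # the altered copy arrives first
    tampered_accepted = accept_piece(PIECES, 1, tampered)
    rebuilt_ok = download(PIECES, offers) == ORIGINAL
    return tampered_accepted, rebuilt_ok

if __name__ == "__main__":
    print(demo())
```

The check only binds each piece to what the uploader originally hashed; it says nothing about whether that original content is safe, which is why the source of the torrent still matters.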