Malwarebytes Anti Malware blocks Skype process

Hello,

I recently got the following MAW notice:

2012/12/09 12:04:54 +0100   PC-DE-A   A   IP-BLOCK   xx.xx.xxx.xxx (Type: incoming, Port: 30413, Process: skype.exe)

I’d like to know what this message means and, in general, to learn more about how and why MAW sees the Skype processes and why it blocks something related to Skype.

Thanks

Seems it is blocking an incoming request from an IP it does not like… and that the request is coming through Skype.

anyway, best place to get the correct answer…Malwarebytes forum http://forums.malwarebytes.org/

More something for the MBAM forums than avast.

Essentially it is the MBAM malicious website blocking function; it doesn’t like the IP address that Skype has connected to.

  • MBAM malicious website IP Detection reporting skype.exe as process:
    No, Skype isn’t infected. MBAM isn’t blocking Skype as such, as skype.exe is the main Skype service and it controls the various connections. So what MBAM sees is skype.exe as the originating process, which is responsible for the connection.

  • I gave up on MBAM Pro’s malicious site blocking as it is by far its worst point: it doesn’t do what it says (block malicious sites), as its database is much wider than just malicious sites, and for that reason it got disabled. You have A) your browser (most have malicious/phishing site blocking, Firefox does), B) the Network Shield, C) the Web Shield and D) Firefox add-ons such as AdBlockPlus (you can add/subscribe to its Malware Domains list).

So more options than you can shake a stick at and, as far as I’m concerned, more than enough not to need MBAM’s malicious site blocking, which for me is more hassle than it is worth.

@ DavidR,

Have Adblock Plus for FF. Where is this Malicious Domains list offered as a direct subscription list? Can’t find a direct link via AdBlock, only see a text file at the web site.

This is it (e.g. if I click filter list for it in ABP): https://easylist-downloads.adblockplus.org/malwaredomains_full.txt Essentially all of the filter lists are text files.

…hm… I use Skype rather often, and I’ve got no problems using it, save that it requires resources… so what does MBAM block? I’ve got no idea how Skype functions; does it have a sort of distributive function that needs other IPs?

As I have said it blocks connections to IP addresses it thinks are malicious. I suggest you read my first reply.

Thanks for the link. I see no way to integrate the text file into the program via the gui, tho. See attached below:

Change the Subscription title: field to Malware Domains and copy and paste the URL I gave into the Filter list location: field. Then click Add subscription. I believe that is it, but it is a very long time ago that I added this.

thank u DavidR and others;

However, why does Skype need connections to other IPs…? That’s the question.

That sounds odd, but what if there are places where all we do via Skype gets recorded? I mean the signal I’ve got with my interlocutor is sent to a third party and… that’s it basically… technically it is not impossible… And MBAM detects such connections… Anyway, that’s a proper question for the Skype forum…

Yep. :wink:

Thanks for the tip DavidR, and when did you find out about the new DNS-BH – Malware Domain Blocklist website to add this with Adblock Plus?

I have Fanboy’s Adblock List, Fanboy’s Tracking List, Fanboy’s Annoyance Block List and I’ve added Malware Domain Blocklist as well, or is that too much?

http://forum.avast.com/index.php?msg=615414 :wink:

Thanks for the heads up Asyn :wink:

NP Speedy. :slight_smile:

For Skype to work it has to connect to another IP address so that you can talk to the other party. The problem is with MBAM not liking that particular IP (which is likely to change depending on the call).

As I have said in the past I hate this mbam function as it causes more grief as it doesn’t only block malicious IP addresses, many other categories seem to be grouped under this heading.

I don’t know if the Skype forum can answer this either, it is more of a question for the mbam forum asking why it blocks that IP address.
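
Added example (not part of any post in this thread): a small parser for IP-BLOCK lines in the layout of the notice quoted at the top, tallying blocks per owning process and direction so a run of hits against one process can be reviewed at a glance. The field layout is assumed from that single quoted line, and the sample log lines and addresses are constructed.

```python
import re
from collections import Counter

# Layout assumed from the one log line quoted in the thread: date, time,
# UTC offset, host, user, event type, address, then "(Type, Port, Process)".
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<tz>[+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>\S+)\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),"
    r"\s*Process:\s*(?P<process>[^)]+)\)\s*$"
)

# Constructed sample lines (documentation-range addresses, not real indicators).
SAMPLE_LOG = """\
2012/12/09 12:04:54 +0100   PC-DE-A   A   IP-BLOCK   192.0.2.10 (Type: incoming, Port: 30413, Process: skype.exe)
2012/12/09 12:05:10 +0100   PC-DE-A   A   IP-BLOCK   192.0.2.10 (Type: incoming, Port: 30413, Process: skype.exe)
2012/12/09 12:07:31 +0100   PC-DE-A   A   IP-BLOCK   198.51.100.7 (Type: outgoing, Port: 49712, Process: firefox.exe)
2012/12/09 12:08:00 +0100   PC-DE-A   A   OTHER-EVENT   (constructed non-block line)
"""

def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; any other log line is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            ev["process"] = ev["process"].strip().lower()
            events.append(ev)
    return events

def summarize(events):
    """Count blocks per (process, direction); collect distinct IPs per process."""
    counts = Counter((e["process"], e["direction"]) for e in events)
    ips = {}
    for e in events:
        ips.setdefault(e["process"], set()).add(e["ip"])
    return counts, ips

if __name__ == "__main__":
    counts, ips = summarize(parse_ip_blocks(SAMPLE_LOG))
    for (proc, direction), n in sorted(counts.items()):
        print(f"{proc:12} {direction:9} blocks={n} distinct_ips={len(ips[proc])}")
```

The process field names the program that owns the connection, so repeated blocks for one address under skype.exe point at the remote peer's listing in the block database rather than at the Skype binary itself.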