Since last week, when I started using MBAM Pro as real-time beside my AV, it has too many IP blocks, and sometimes it even cuts my internet.
Does anyone have any idea what might be causing it?
I found that one of those IPs was because of one of the extensions in my Google Chrome (Ultimate Chrome Flag), but I’ve no idea about the other IP blocks; they happen with every new page I open in Chrome.
I’m going to give up MBAM FPs because it even blocks the IP of my ISP!!!
The two most blocked IPs are:
67.212.77.12
67.212.77.13
just on random ports (from 50000 to under 70000). Does anyone have any idea about these IPs?
System: Win 7 x86, Chrome 10; real-time protections: Avira PSS and MBAM; on-demand scanners are SAS portable, Hitman Pro; I use HostsMan with MVPS.
Please immediately remove the link you provided with your OTS log: hxxp://boelectronic.heliohost.org/avast/OTS.Txt
avast alerted me to malware INF:AutoRun-gen2[Wrm]
@essexboy: I guess you know that Avira WebGuard works as a proxy for the internet, so whatever comes from any HTTP traffic from every program will be going through Avira WebGuard, so I guess someone else is the reason. I looked for the IPs and have had no idea… ??? Avira.com and Avira.de IP is 80.190.154.32
Also, don’t forget that IPs may be shared by more than one domain. At some point it may block good domains, because the IPs are blacklisted due to other misbehaving domains.
I guess users of MBAM Pro could suggest the team behind it to add an option to exclude IPs, and IPs from being blocked if matching a given domain. This would prevent a situation such as the one you experienced.
Thanks for the link, I had already traced that IP, but I like your link too.
And again, yes, I know and I agree that blocking IPs instead of URLs causes too many FPs, and they at MBAM don’t mind about that! (That’s why in all the years I had MBAM Pro I never used it as real-time protection and only used auto-update/auto-scan.)
I will ask about this problem in the MBAM forum too, to see what they say.
I do not know what MBAM uses as list(s) to make up their “sinkhole”. But a lot of sites that should be blocked are not there, so they will still infect users, sometimes undetected by AV, and can be found here: htxp://support.clean-mx.de/clean-mx/viruses
(not to be visited by the unaware, and then do not click any live links)
and there are more similar sources where these sites to be blocked are reported.
The fact is that block lists are always a partial solution: a lot of these sites don’t work anymore, were cleansed or taken out, and new undetected ones have taken their place that are not on the list yet, in the ever-changing landscape of malicious IPs.
So the vulnerability window still stays open to an extent…
Unmasked Parasites gives you an interrelation between infected and infecting sites;
also check using the Google Chrome extension: http://hostspy.org/