132 replies to this topic

[secret365]

some suggestions for your thought .


IP Protection can further enhance by having

1) a log file &

2) an exclusion list (so that the user can have the option to exclude certain IPs from blocking).

Thanks.

[exile360]

Greetings .

It does have a log file, it's located here:

"%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\logs"

It's a log file for the Protection Module, including any IP's that were blocked by it.

[Firefox]

How about including in the log file what application was trying to access the website, or the application that generated the block.

[secret365]

exile360, on Aug 5 2009, 01:39 AM, said:

Greetings .

It does have a log file, it's located here:

"%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\logs"

It's a log file for the Protection Module, including any IP's that were blocked by it.

Thanks for the reply.


May I know how often must the user do maintenance (the number of files will keep growing)?

It will be better if listed in the GUI.

[secret365]

What about the idea of having an exclusion list (so that the user can have the option to exclude certain IPs from blocking)?

Judging from the number of posts posted in the "False Positives" section, an exclusion list will definitely help.

[deny]

I'm still wonder what is wrong with IP address 88.214.226.32 from UK.
Each time Firefox is started Malwarebytes for this IP address and it is a little bit annoying.

[deny]

It will be good to give description what is wrong with certain IP address and why. Right we have not any information;s.

[deny]

I have just found that 88.214.226.32 is related to seoquake.com legitimate add on to Firefox and i think that this warning is ridiculous.

[Falkra]

The team is working on the IP blocking feature. As any new feature, the first release is always the one that gives most work.

The warning isn't ridiculous though, considered globally.

[deny]

Falkra, on Aug 6 2009, 02:16 PM, said:

The team is working on the IP blocking feature. As any new feature, the first release is always the one that gives most work.

The warning isn't ridiculous though, considered globally.

If Malwarebytes pop-up prompt with Infection Detected: 88.214.226.32 (or with any other IP address) then any average user will scare and ask what's wrong here? Infection or not?
I think that giving such a warning with Infection Detected without providing any information;s is ridiculous. Probably most adequate will be possible threat from IP address xxx.xxx.xxx..xxx detected. IP address is on black list because of ... but Infection detected (in this situation false positive) does not make any sense.

[Falkra]

Precisely, as I said, this is being worked on, and improvements are coming.

[mailman]

deny, on Aug 6 2009, 09:57 AM, said:

I'm still wonder what is wrong with IP address 88.214.226.32 from UK.

I also am wondering.

The hpHosts database says this about IP 88.214.226.32:

Quote

Sites resolving to 88.214.226.32 were NOT found in our database

I suggest you head over to the False Positives forum and follow the instructions in this link to report about that IP.

Quote

Thank you all for remaining patient while we work out any kinks in our brand new IP blocking module. If you find any false positives with the new module, please kindly create a new post with the IP address as the title. Also, please indicate what you were attempting to do on the site so that we can reproduce it.

Thank you for your cooperation and we hope you enjoy the extra protection!

For example, it would probably be helpful for them if you explain about your "seoquake.com legitimate add on to Firefox" (perhaps even with a link to the add on that apparently triggers the alert) so they can further verify its legitimacy and they can reporoduce your annoying situation.

[Conundrum87]

I've seen that others have had problems with the IP Protection blocking and sometimes indicating continous Infection Messages. I've done this with other security software and have been quiet successful in eliminating any fake or false positives. I can only guess that the same program that protects you from visiting dangerous sites, also is responsible for detecting temporary internet files from dangerous sites.

Instructions:
(1) Open Internet Explorer
(2) Select Tools
(3) Select Internet Options
(4) Open Browsing History
Options Available:
- Delete Temporary Internet Files: These files are usually saved to help expediate reloading of the site the next time you visit.
- Delete Cookies: These files are saved from the sites you visit. Computers send packages back and forth, unfortunately these can add up if you collect alot from sites you never visit more then once.
- Delete History: This is a memory of sites you've visited, it appears in the URL bar when you being to type.
(5) Delete your Temporary Internet Files

Hope this was helpful. I hardly receive reports any more from the IP Protection, and every time I clear it they stop.

[MysteryFCM]

deny, on Aug 6 2009, 03:23 PM, said:

If Malwarebytes pop-up prompt with Infection Detected: 88.214.226.32 (or with any other IP address) then any average user will scare and ask what's wrong here? Infection or not?
I think that giving such a warning with Infection Detected without providing any information;s is ridiculous. Probably most adequate will be possible threat from IP address xxx.xxx.xxx..xxx detected. IP address is on black list because of ... but Infection detected (in this situation false positive) does not make any sense.

There may be nothing wrong with the add-on, but that IP address is on an IP range associated with the Russian Business Network, which is why it's blocked.

Contrary to it's location, the IP range is Ukranian/Russian controlled, NOT UK controlled.

http://hphosts.blogspot.com/2009/05/interf...n-blackhat.html

[Blottedisk]

Firefox, on Aug 5 2009, 12:44 AM, said:

How about including in the log file what application was trying to access the website, or the application that generated the block.

I competely agree with you, Firefox. Including this information would be most handy, as it could show trojan activity on the OP´s computer and detailed information to identify the non-legit application and remove it. I would also suggest to include this information in the pop-ups.


Regards

[k00ks]

Another thing, the pop-ups are getting really annoying, the sound and the pop-up, i really have no care for the ip, so if you could put in a option to turn off the notice (silent?) that would be great.

[prairie dog]

k00ks, on Aug 10 2009, 01:07 AM, said:

Another thing, the pop-ups are getting really annoying, the sound and the pop-up, i really have no care for the ip, so if you could put in a option to turn off the notice (silent?) that would be great.

Here's some info on the new IP feature

You can disable it if you would like to.

[k00ks]

prairie dog, on Aug 10 2009, 07:14 AM, said:

Here's some info on the new IP feature

You can disable it if you would like to.

i meant as in i dont care what ip they are blocking, but i care that they do. i dont want to completely disable the feature, i just don't want a notification.

[AdvancedSetup]

Currently there is no method to disable it but I'm sure there will be an update soon that may allow it.

[exile360]

I believe if you disable all balloon notifications in Windows that it wouldn't show it any more, but you might want notifications from other programs and Windows itself so that might not be the best solution in all cases.