8 replies to this topic

[Alecun]

Hi,

I'm just trying out the product and am concerned by regular IP blocking messages which MBAM claims were initiated by Skype.
I've been using Skype for a long time and it has never opened any sites however, being freeware I have no doubt it is supported by ads. Is Skype trying to reach sites to download ad banners please, and if that is the case, why does MBAM consider such sites as malicious?

[1PW]

Hello Alecun:

In a reply, please post an excerpt of the MBAM log that documents your observation.

Thank you!

[Alecun]

08:48:18 PBC MESSAGE Protection started successfully
08:48:22 PBC MESSAGE IP Protection started successfully
11:03:12 PBC IP-BLOCK 222.65.178.149 (Type: incoming, Port: 63754, Process: skype.exe)
11:03:12 PBC IP-BLOCK 222.65.178.149 (Type: incoming, Port: 63754, Process: svchost.exe)
11:03:12 PBC IP-BLOCK 222.65.178.149 (Type: incoming, Port: 63754, Process: svchost.exe)
12:06:34 PBC DETECTION C:\Users\PBC\AppData\Local\Temp\7zS3110.tmp\check.exe Trojan.Agent QUARANTINE
19:00:13 PBC MESSAGE Scheduled update executed successfully
19:00:43 PBC MESSAGE IP Protection stopped
19:00:45 PBC MESSAGE Database updated successfully
19:00:46 PBC MESSAGE IP Protection started successfully
20:20:49 PBC IP-BLOCK 200.63.43.50 (Type: outgoing, Port: 63754, Process: skype.exe)
20:20:49 PBC IP-BLOCK 200.63.43.50 (Type: outgoing, Port: 63754, Process: skype.exe)
20:20:49 PBC IP-BLOCK 200.63.43.50 (Type: outgoing, Port: 63754, Process: skype.exe)
20:26:25 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)
20:26:33 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)
20:26:33 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)
22:03:20 PBC IP-BLOCK 89.28.24.36 (Type: outgoing, Port: 53704, Process: skype.exe)
22:03:20 PBC IP-BLOCK 89.28.24.36 (Type: outgoing, Port: 63754, Process: skype.exe)
22:03:28 PBC IP-BLOCK 89.28.24.36 (Type: incoming, Port: 63754, Process: skype.exe)
22:03:28 PBC IP-BLOCK 89.28.24.36 (Type: incoming, Port: 63754, Process: svchost.exe)
22:03:28 PBC IP-BLOCK 89.28.24.36 (Type: incoming, Port: 63754, Process: svchost.exe)
00:38:43 PBC IP-BLOCK 213.155.31.248 (Type: outgoing, Port: 63754, Process: skype.exe)
00:38:43 PBC IP-BLOCK 213.155.31.248 (Type: outgoing, Port: 63754, Process: skype.exe)
00:38:51 PBC IP-BLOCK 213.155.31.248 (Type: outgoing, Port: 63754, Process: skype.exe)
06:10:04 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)
06:10:04 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)
06:10:12 PBC IP-BLOCK 89.28.94.180 (Type: outgoing, Port: 63754, Process: skype.exe)

[1PW]

Hello Alecun:

One or more of those IP addresses could be considered worrisome.

Your Skype application may be acting as a Supernode.

When Skype isn't actually in-use, it's best to terminate all its processes, even the one in the system tray.

HTH

[Mainard]

Hello Alecun,

As I do not want to degrade the time and effort John A made within his post I suggest reading the reply he created Here. This will explain why we block some IPs while using Skype.

If you have any further questions I will be glad to assist you further.

Thank you very much!

[Alecun]

@ 1PW
Thanks for your suggestions however, I use Skype as a telephone replacement allowing customers, suppliers, and friends to contact me whenever they wish. This obliges me to have Skype active in online mode which means in the system tray. MBAM's IP blocking is not preventing me from using Skype which is good but I was curious as to why MBAM considered these IP's as malicious as well as why Skype was making outbound connections to those IP addresses without any input from myself? John A's post has kind of answered those questions although I still don't see why ThreeGuser feels that Skype should be on the software to avoid list.

@ Mainard
Thanks for your reply. Do you see Skype as malevolent, as in should I replace it with something else? I have to admit I find MSN Messenger far more intrusive but at least MBAM doesn't have a problem with it at this time.

[Mainard]

Hello Alecun,

Skype isn't harmful per se, It does have the ability to connect to other IPs and when you do connect to one that is considered malicious MBAM steps in and blocks that connection. I personally use skype and MBAM Pro with ease, sometimes I get the block as Skype attempts to connect to a malicious IP. I do enjoy seeing MBAM perform it's function in blocking anything potentially malicious to my system.

Hope this answers your question. If you still have any other questions please do not hesitate to ask.

Thank you!

[Alecun]

Thanks for your reassurance Mainard.

[Mainard]

Alecun,

You are quite welcome!

Have a great day.