Jump to content

Recommended Posts

Posted (edited)

Good morning,

 

     I'm presently trying-out the 30-day trial version of ESS on my Win 7 Home Premium x64 computer.

 

A little while ago, MBAM blocked in INBOUND intrusion attempt from a malicious IP address which occurred while on the sevenforums website earlier.

Shown below is the detection & malicious website blocking info from the MBAM log:

-----------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,
Detection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,

(end)

-----------------------------------------------------------------------------

 

My question:  Is there a way to add the malicious IP address (193.109.69.150) to ESS so it will block this IP in the future?

 

(Within my previous security suite program, there was an "IP Blocklist" to which I could add malicious IP addresses, either manually or via importing a list).  I'm unable to find anything like this in ESS......or perhaps I'm not looking in the right place.

 

Thank you for your time and any info!

Edited by spc3rd
  • Solution
Posted (edited)

Hello spc3rd. Could this be what you're looking for?

 

hxxp://support.eset.com/kb2844/

 

Unsure what version ESS you are using. The example listed in the KB is showing v8 (I believe) but v9 should be similar.

Edited by TomFace
Posted (edited)

Hi Tom and much obliged for the info at that link!

 

It's exactly what I was looking for.

 

Cheers! :)

 

Pete

Edited by spc3rd
  • Administrators
Posted

1, Bonjour is a legitimate application installed with iTunes.

2, There are legitimate domains that resolve to 193.109.69.150.

3, Adding a url to the list of blocked urls will only block http communication and not DNS for instance.

Posted (edited)

Thanks very much for the follow-up info, Marcos.

 

I'm still a bit puzzled just why MBAM blocked that IP, but also why Securi.net is flagging it as malicious?

Edited by spc3rd
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...