spc3rd 9 Posted February 15, 2016 Posted February 15, 2016 (edited) Good morning, I'm presently trying-out the 30-day trial version of ESS on my Win 7 Home Premium x64 computer. A little while ago, MBAM blocked in INBOUND intrusion attempt from a malicious IP address which occurred while on the sevenforums website earlier. Shown below is the detection & malicious website blocking info from the MBAM log: ----------------------------------------------------------------------------- Malwarebytes Anti-Malwarewww.malwarebytes.orgDetection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,Detection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,(end) ----------------------------------------------------------------------------- My question: Is there a way to add the malicious IP address (193.109.69.150) to ESS so it will block this IP in the future? (Within my previous security suite program, there was an "IP Blocklist" to which I could add malicious IP addresses, either manually or via importing a list). I'm unable to find anything like this in ESS......or perhaps I'm not looking in the right place. Thank you for your time and any info! Edited February 15, 2016 by spc3rd
Solution TomFace 540 Posted February 15, 2016 Solution Posted February 15, 2016 (edited) Hello spc3rd. Could this be what you're looking for? hxxp://support.eset.com/kb2844/ Unsure what version ESS you are using. The example listed in the KB is showing v8 (I believe) but v9 should be similar. Edited February 15, 2016 by TomFace
spc3rd 9 Posted February 15, 2016 Author Posted February 15, 2016 (edited) Hi Tom and much obliged for the info at that link! It's exactly what I was looking for. Cheers! Pete Edited February 15, 2016 by spc3rd
Administrators Marcos 5,468 Posted February 15, 2016 Administrators Posted February 15, 2016 1, Bonjour is a legitimate application installed with iTunes. 2, There are legitimate domains that resolve to 193.109.69.150. 3, Adding a url to the list of blocked urls will only block http communication and not DNS for instance.
spc3rd 9 Posted February 15, 2016 Author Posted February 15, 2016 (edited) Thanks very much for the follow-up info, Marcos. I'm still a bit puzzled just why MBAM blocked that IP, but also why Securi.net is flagging it as malicious? Edited February 15, 2016 by spc3rd
Recommended Posts