Jump to content

Question about blocking malicious websites in ESS

spc3rd
 Share
Go to solution Solved by TomFace,

Recommended Posts

spc3rd

spc3rd 9

Posted
Posted (edited)

Good morning,

 

     I'm presently trying-out the 30-day trial version of ESS on my Win 7 Home Premium x64 computer.

 

A little while ago, MBAM blocked in INBOUND intrusion attempt from a malicious IP address which occurred while on the sevenforums website earlier.

Shown below is the detection & malicious website blocking info from the MBAM log:

-----------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,
Detection, 2/15/2016 9:15 AM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 193.109.69.150, 5353, Inbound, C:\Program Files\Bonjour\mDNSResponder.exe,

(end)

-----------------------------------------------------------------------------

 

My question:  Is there a way to add the malicious IP address (193.109.69.150) to ESS so it will block this IP in the future?

 

(Within my previous security suite program, there was an "IP Blocklist" to which I could add malicious IP addresses, either manually or via importing a list).  I'm unable to find anything like this in ESS......or perhaps I'm not looking in the right place.

 

Thank you for your time and any info!

Edited by spc3rd
Link to comment
Share on other sites
  • Solution
TomFace

TomFace 539

Posted
  • Solution
Posted (edited)

Hello spc3rd. Could this be what you're looking for?

 

hxxp://support.eset.com/kb2844/

 

Unsure what version ESS you are using. The example listed in the KB is showing v8 (I believe) but v9 should be similar.

Edited by TomFace
Link to comment
Share on other sites
spc3rd

spc3rd 9

Posted
  • Author
Posted (edited)

Hi Tom and much obliged for the info at that link!

 

It's exactly what I was looking for.

 

Cheers! :)

 

Pete

Edited by spc3rd
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

1, Bonjour is a legitimate application installed with iTunes.

2, There are legitimate domains that resolve to 193.109.69.150.

3, Adding a url to the list of blocked urls will only block http communication and not DNS for instance.

Link to comment
Share on other sites
spc3rd

spc3rd 9

Posted
  • Author
Posted (edited)

Thanks very much for the follow-up info, Marcos.

 

I'm still a bit puzzled just why MBAM blocked that IP, but also why Securi.net is flagging it as malicious?

Edited by spc3rd
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...