spc3rd, Posted June 22, 2016

Good morning,

Shown below is an excerpt from my MBAM Log this morning where it blocked an INBOUND connection attempt from the IP address indicated, apparently trying to connect to the executable file displayed. From what I can find in my limited checking on-line, the IP appears to be part of some botnet apparently located in Kiev, Ukraine. My computer is a standalone, not on any network, nor is there any file-sharing, and I'm the only one who uses it.

My questions:

(1) - Is there a reason ESS v9 did not block this IP?
(2) - Is/are there any action(s) I should take at this point?

Malwarebytes Anti-Malware
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
(end)

Thank you for your time and any feedback!

itman, Posted June 22, 2016

MBAM realtime protection will block all domains associated with a malicious IP address regardless of if only one domain is malicious. As such, the Windows media player connection could have actually been made to a non-malicious domain.

-EDIT- Just did a reverse lookup for that IP address and there are no domains associated with that IP address.

Additionally, when using multiple AV realtime scanners, it is a "coin toss" which realtime scanner will detect first. Only way to know for sure if Eset would detect this is to temporarily disable MBAM's realtime scanner and connect to the IP in question using Windows media player.

-EDIT- It appears there was some type of redirect activity to the IP in question from a previous domain connection by WMP?

Edited June 22, 2016 by itman

spc3rd, Posted June 22, 2016

Much obliged for the follow-up info, itman! At least it's reassuring to know "the bases are covered", so-to-speak... even if MBAM managed to beat ESS to the punch on this occasion.

Cheers!

Edited June 22, 2016 by spc3rd
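
For triage of log excerpts like the one in the first post, the following added example (not part of the original thread and not Malwarebytes code) parses the comma-separated "Detection" entries and counts blocked connections per address, port, direction and process. The field names and the one-entry-per-line layout are assumptions inferred from the order of values in the quoted excerpt.

```python
import csv
import ipaddress
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Constructed sample: the two entries quoted in the first post, one per line.
SAMPLE_LOG = r"""
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
(end)
"""

class Detection(NamedTuple):
    # Field names are assumptions inferred from the value order in the excerpt.
    when: datetime
    host: str
    ip: str
    port: int
    direction: str
    process: str
    public_ip: bool  # True when the address is globally routable (not LAN/loopback)

def parse_line(line: str) -> Optional[Detection]:
    """Parse one 'Detection, ...' entry; None for headers, '(end)' or malformed lines."""
    fields = [f.strip() for f in next(csv.reader([line]), [])]
    if len(fields) < 11 or fields[0] != "Detection" or fields[6] != "IP":
        return None
    try:
        addr = ipaddress.ip_address(fields[7])
        when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M %p")
        port = int(fields[8])
    except ValueError:
        return None
    return Detection(when, fields[3], str(addr), port, fields[9],
                     PureWindowsPath(fields[10]).name, addr.is_global)

def summarize(log_text: str) -> Counter:
    """Count blocked connections per (ip, port, direction, process name)."""
    hits = filter(None, (parse_line(l) for l in log_text.splitlines() if l.strip()))
    return Counter((d.ip, d.port, d.direction, d.process) for d in hits)

if __name__ == "__main__":
    for (ip, port, direction, proc), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {direction} {ip} port {port} -> {proc}")
```
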