
IP 91.223.89.211; Why MBAM blocks, but ESET did not?



Good morning,

Shown below is an excerpt from my MBAM Log this morning where it blocked an INBOUND connection attempt from the IP address indicated, apparently trying to connect to the executable file displayed.

From what I can find in my limited checking on-line, the IP appears to be part of some botnet apparently located in Kiev, Ukraine.

My computer is a standalone, not on any network, nor is there any file-sharing, and I'm the only one who uses it.

My questions: (1) Is there a reason ESS v9 did not block this IP? (2) Is/are there any action(s) I should take at this point?

 

Malwarebytes Anti-Malware

Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
(end)

Thank you for your time and any feedback!


MBAM realtime protection will block all domains associated with a malicious IP address regardless of whether only one domain is malicious. As such, the Windows Media Player connection could have actually been made to a non-malicious domain. -EDIT- Just did a reverse lookup for that IP address and there are no domains associated with that IP address.

Additionally, when using multiple AV realtime scanners, it is a "coin toss" which realtime scanner will detect first.

The only way to know for sure if Eset would detect this is to temporarily disable MBAM's realtime scanner and connect to the IP in question using Windows Media Player. -EDIT- It appears there was some type of redirect activity to the IP in question from a previous domain connection by WMP?

Edited by itman

Much obliged for the follow-up info, itman!

At least it's reassuring to know "the bases are covered", so-to-speak...even if MBAM managed to beat ESS to the punch on this occasion.

Cheers! :)

Edited by spc3rd
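
An added example, not part of the original thread and not Malwarebytes code: a Python parser for protection-log lines like the two in the opening post, tallying blocks by direction, address, port and process so repeated entries and inbound attempts stand out. The column order is inferred from those two lines, and the third sample entry (203.0.113.7, example.exe) is constructed.

```python
import csv
import ipaddress
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

# Column order inferred from the two log lines in the opening post
# (an assumption, not a documented Malwarebytes schema).
FIELDS = ("event", "time", "user", "host", "category", "module",
          "kind", "address", "port", "direction", "process")

# Constructed sample: the post's two lines plus one made-up outbound entry
# (203.0.113.7 is a documentation address; example.exe is hypothetical).
SAMPLE = r"""
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
Detection, 6/22/2016 7:59 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 91.223.89.211, 5005, Inbound, C:\Program Files\Windows Media Player\wmpnetwk.exe,
Detection, 6/22/2016 8:03 AM, SYSTEM, XXXXXADMIN-PC, Protection, Malicious Website Protection, IP, 203.0.113.7, 443, Outbound, C:\Users\Public\example.exe,
(end)
"""

def parse_line(line):
    """Return a dict for one IP-block entry, or None for anything else."""
    cells = [c.strip() for c in next(csv.reader([line]))]
    if len(cells) < len(FIELDS) or cells[0] != "Detection" or cells[6] != "IP":
        return None
    rec = dict(zip(FIELDS, cells))
    try:
        rec["address"] = ipaddress.ip_address(rec["address"])
        rec["port"] = int(rec["port"])
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %I:%M %p")
    except ValueError:
        return None  # malformed entry: skip rather than guess
    rec["image"] = PureWindowsPath(rec["process"]).name.lower()
    return rec

def summarize(text):
    """Count blocks per (direction, address, port, process image)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line) if line.strip() else None
        if rec:
            key = (rec["direction"], str(rec["address"]), rec["port"], rec["image"])
            counts[key] += 1
    return counts

def inbound_blocks(text):
    """Unique (address, port, process image) tuples the log marks Inbound."""
    return sorted({(a, p, img) for (d, a, p, img) in summarize(text)
                   if d == "Inbound"})
```

Calling `summarize(SAMPLE)` shows the two identical entries from the post collapsing into a single key with a count of 2.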