
Malwarebytes blocks avast service?


11 replies to this topic

#1 sniper8752

sniper8752

  • Members
  • 380 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 27 September 2013 - 07:02 PM

I get this pop-up every once in a while that Malwarebytes blocks avastsvc.exe on port 1861, outgoing. It believes that it is a malicious website. I do have avast installed. Is this just a false positive?




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:12 AM

Posted 28 September 2013 - 06:48 AM

Did you ever have avast installed on your system? Have you performed a search for the avastsvc.exe file and if so, where is it located?


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:12 AM

Posted 28 September 2013 - 07:52 AM

It isn't a false positive.

Avast's Network Shield driver loads before Malwarebytes - therefore any traffic goes through their driver first. Because of how Windows functions, it believes the connection is being established by Avast, irrespective of the actual process accessing the Internet.

Please refer to: https://helpdesk.malwarebytes.org/entries/21195921-why-is-Malwarebytes-anti-malware-blocking-my-antivirus-

#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:12 PM

Posted 28 September 2013 - 08:12 AM

MBAM isn't blocking avast as such, as the avastSvc.exe is the main avast service and it controls the various shields. The Web Shield routes all http traffic through its localhost proxy, so all MBAM sees is avastSvc.exe as the originating process, which is incorrect.


This is either you trying to connect to this IP via your browser or possibly a link in a site you're viewing redirecting or getting content from that IP address.

From the Avast forums, topic located here: http://forum.avast.com/index.php?topic=102090.0

What are you doing when you get the IP block?

 

@Quietman: They have Avast installed, see their third sentence.

 

xXToffeeXx~


Edited by xXToffeeXx, 28 September 2013 - 08:12 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 sniper8752

sniper8752
  • Topic Starter


Posted 28 September 2013 - 09:41 AM

"if you browse to a website using your internet browser and that website is blocked by Malwarebytes Anti-Malware, that the process which will be displayed as being blocked will not be that of your browser, but instead will be that of your antivirus."  -https://helpdesk.malwarebytes.org/entries/21195921-why-is-Malwarebytes-anti-malware-blocking-my-antivirus-

Still don't really understand why it is doing this though.  



#6 LiquidTension


Posted 28 September 2013 - 10:03 AM

Avast has multiple components or "shields" - one of which being a Network Shield.

All Internet Traffic goes through Avast's Network Shield. This behaviour makes Windows believe Avast is responsible for the traffic and not your browser.

If you connect to an IP address blacklisted by Malwarebytes, the process displayed by the block will be Avast and not your browser.

In essence - you intentionally or unintentionally connected to an IP address blacklisted by Malwarebytes. This connection went through Avast's Network Shield. Windows believes that Avast was responsible for the connection and as such, Malwarebytes subsequently made the IP block thinking it was established by your Anti-virus.

If you're unsure why or how your computer attempted to connect to a potentially malicious IP address, I suggest you refer to: https://helpdesk.malwarebytes.org/entries/23482998-What-does-it-mean-when-I-get-an-ip-alert-about-blocking-a-malicious-site-
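Added example, not part of any post in this thread: when the block is attributed to the antivirus because of the localhost proxy described in post #4, a connection-table snapshot taken while the alert is showing can narrow down which program was really browsing. The rows below are constructed in the style of `netstat -ano` output; the addresses, PIDs, process names other than avastsvc.exe, and the proxy port 8080 are made up, and port 1861 from the original alert is assumed to be the local port of the blocked connection.

```python
import re

# Constructed sample rows (not captured from a real machine).
SAMPLE_NETSTAT = """\
  TCP    127.0.0.1:8080       0.0.0.0:0            LISTENING       1500
  TCP    127.0.0.1:49801      127.0.0.1:8080       ESTABLISHED     4242
  TCP    127.0.0.1:8080       127.0.0.1:49801      ESTABLISHED     1500
  TCP    192.168.1.20:1861    203.0.113.7:80       SYN_SENT        1500
  TCP    192.168.1.20:49777   198.51.100.9:443     ESTABLISHED     5100
"""
# Constructed PID-to-name map (what a task list would supply).
SAMPLE_PROCESSES = {1500: "avastsvc.exe", 4242: "firefox.exe", 5100: "mail.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Turn netstat-style text into (laddr, lport, raddr, rport, state, pid) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            rows.append((la, int(lp), ra, int(rp), state, int(pid)))
    return rows

def likely_originators(rows, processes, blocked_local_port):
    """Return (process the block is attributed to, processes feeding its loopback proxy)."""
    # The process that owns the blocked outbound socket is the one the alert names.
    owner = next((r[5] for r in rows if r[1] == blocked_local_port
                  and not r[2].startswith(("127.", "0.0.0.0"))), None)
    if owner is None:
        return None, []
    # Loopback ports that same process listens on: its local proxy.
    listen_ports = {r[1] for r in rows if r[5] == owner
                    and r[4] == "LISTENING" and r[0].startswith("127.")}
    # Other processes connected to that proxy are the candidates for the real origin.
    clients = {r[5] for r in rows if r[5] != owner and r[4] == "ESTABLISHED"
               and r[2].startswith("127.") and r[3] in listen_ports}
    return processes.get(owner, "?"), sorted(processes.get(p, "?") for p in clients)

if __name__ == "__main__":
    print(likely_originators(parse(SAMPLE_NETSTAT), SAMPLE_PROCESSES, 1861))
```

This only works for the loopback-proxy case and only while the connections still exist; where the attribution comes from a driver sitting in the network stack, as post #3 describes, there is no loopback hop to correlate.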

#7 sniper8752

sniper8752
  • Topic Starter

  • Members
  • 380 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 28 September 2013 - 10:38 AM

oh ok, I understand now.  thanks.



#8 quietman7


Posted 28 September 2013 - 04:58 PM


@Quietman: They have Avast installed, see their third sentence.

 

I misread the initial posting early this morning before my first cup of coffee. I thought sniper8752 wrote "I do not have avast"...that's why I asked if he ever had avast installed and if a search was performed for the file. Had I read it correctly, I would have provided the Help Desk link.



#9 xXToffeeXx


Posted 29 September 2013 - 02:16 PM

quietman,

 

Just making you aware, I had thought that you had misread their first post so that's why I pointed it out. It's an easy mistake to make, and I'm not criticizing you for that.

 

xXToffeeXx~




#10 quietman7


Posted 29 September 2013 - 03:44 PM

I didn't take your comment as a criticism. I am glad you pointed it out...someone has to help keep us old guys on our toes since we don't see (read) as good as we used to. :wink:



#11 xXToffeeXx


Posted 30 September 2013 - 10:15 AM

I'm glad, sometimes it is quite hard to tell what tone people take whilst posting online, so if I ever mistake something then feel free to correct me. Maybe not, but you have many years of wisdom to draw upon :wink:

 

xXToffeeXx~




#12 quietman7


Posted 30 September 2013 - 10:27 AM

... but you have many years of wisdom to draw upon :wink:

I used that line many years ago when referring to my elders...it was a diplomatic way of calling an old fart an old fart. :hysterical:

