An outgoing IP alert indicates that a process on your system tried to access a malicious IP and was prevented from loading content onto your system. A browser is not required to be running for an alert to occur, just an active Internet connection with processes running. IP alerts are also triggered by banner ads appearing on websites, since in some cases these ads are malicious. Notification that an outgoing IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (e.g. iTunes, an instant messenger client, Skype, P2P software, web browsers) have access to the Internet, and that activity can trigger an IP alert if the program tries to access a malicious IP address. No action is required unless you're also experiencing malware symptoms or there are multiple IPs. Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.
As noted above, if you are using peer-to-peer (P2P) file sharing programs (e.g. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc.) or an instant messaging (IM) client, they can trigger Malicious Website Blocking alerts. Why? P2P programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks. Malwarebytes IP Protection will block access to some of the peers a P2P client attempts to connect to because they are classified or detected as malicious.
If you're not using P2P programs, then further investigation is needed, including examining events in the Malicious Website Blocking protection logs. Refer to this topic for instructions on how to properly save/export a Scan log: How do I access and save logs from Malwarebytes Anti-Malware?
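One way to triage an exported protection log along the lines described above, as an added example that is not part of the original text or any Malwarebytes tooling: it groups outgoing blocks by process and separates known P2P/IM clients from processes that hit multiple blocked IPs. The log line layout, the `KNOWN_P2P` allow-list and `updater.exe` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed layout of an exported protection-log line (not taken from the page);
# adjust the pattern to match your own export.
BLOCK_RE = re.compile(
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<dir>\w+),\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<proc>[^)]+)\)"
)

# Hypothetical allow-list: programs you knowingly run that contact many peers.
KNOWN_P2P = {"utorrent.exe", "skype.exe"}

# Constructed sample lines; addresses are from documentation-only ranges.
SAMPLE_LOG = """\
2013/03/02 14:00:01 -0500\tDESKTOP\tuser\tMESSAGE\tProtection started successfully
2013/03/02 14:05:11 -0500\tDESKTOP\tuser\tIP-BLOCK\t203.0.113.7 (Type: outgoing, Port: 49213, Process: utorrent.exe)
2013/03/02 14:05:40 -0500\tDESKTOP\tuser\tIP-BLOCK\t203.0.113.9 (Type: outgoing, Port: 49220, Process: utorrent.exe)
2013/03/02 14:09:02 -0500\tDESKTOP\tuser\tIP-BLOCK\t198.51.100.23 (Type: outgoing, Port: 49301, Process: updater.exe)
2013/03/02 14:09:30 -0500\tDESKTOP\tuser\tIP-BLOCK\t198.51.100.4 (Type: outgoing, Port: 49302, Process: updater.exe)
2013/03/02 14:12:17 -0500\tDESKTOP\tuser\tIP-BLOCK\t192.0.2.55 (Type: outgoing, Port: 49410, Process: iexplore.exe)
2013/03/02 14:13:00 -0500\tDESKTOP\tuser\tIP-BLOCK\t192.0.2.80 (Type: incoming, Port: 6881, Process: svchost.exe)
"""

def triage(log_text, known_p2p=KNOWN_P2P):
    """Group outgoing IP blocks by process and label each process."""
    ips = defaultdict(set)
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if m and m.group("dir").lower() == "outgoing":
            ips[m.group("proc").strip().lower()].add(m.group("ip"))
    report = {}
    for proc, addrs in ips.items():
        if proc in known_p2p:
            verdict = "expected (P2P/IM client)"
        elif len(addrs) > 1:
            verdict = "investigate (multiple IPs)"
        else:
            verdict = "verify program is legitimate"
        report[proc] = (sorted(addrs), verdict)
    return report

if __name__ == "__main__":
    for proc, (addrs, verdict) in triage(SAMPLE_LOG).items():
        print(f"{proc:15} {verdict:30} {', '.join(addrs)}")
```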
If the IP Block shows in the protection log for a legitimate site, that generally indicates that when the block was implemented by Malwarebytes, there were sufficient domains housing malware to warrant it. Unfortunately, where shared IPs are concerned there will usually be safe domains that get caught in the cross-fire.
You can investigate (search) IP addresses and gather additional information at: