Not sure what to do ?

[Andyonline]

Hi,

I have MBAM running in realtime along with Avast IS 7 and a couple of times I have had notifications through MBAM which appears to be blocking Avast - see attached screenshot.

I have the Avast program file on C drive in the ignore list in MBAM so I am not sure what this means and what I need to do to resolve.

Any comments appreciated.

Thanks

[Pondus]

think this is bc the outging request is going true avast webshield so it looks as it it is comming from avast

think this issue have been posted somtime before....

[Pondus]

is this a dell computer?.....
as the IP address shown seems to havevsomething to do with dell driver update?
http://www.ip-adress.com/whois/64.191.91.215

[polonus]

Could this have to do with sitebuilder?

polonus

[DavidR]

The problem is not with avastSvc.exe as that in this instance is the web shield proxy redirecting a request connect to this IP, either from your browser or another program on your system.

You can exclude avast in MBAM until you are blue in the face as it will make no difference at all as MBAM is blocking the IP and not avastSvc.exe.

####
I have seen this so many times I have even saved my usual response - MBAM malicious IP Detection reporting avastSvc.exe as process:
No avast isn't infected. MBAM isn't blocking avast as such, as the avastSvc.exe is the main avast service and it controls the various shields. The Web Shield routes all http traffic through its localhost proxy, so all MBAM sees is avastSvc.exe as the originating process, which is incorrect.

This is either you trying to connect to this IP via your browser or possibly a link in a site you're viewing redirecting of getting content from that IP address.

What site were you on when this alert occurred ?

@@@@
I find this feature in MBAM more a hindrance than a help - This is what I hate about the MBAM malicious site blocking, it doesn't do what it says on the tin as there are many more categories that it also alerts on and this under the guise of the malicious sites, so there is no way that the user knows what is 'malicious' about the IP alert. So for my money (excuse the pun) they either need to change the wording and or make it clear 'why' an IP was blocked.

[Andyonline]

Thanks for the replies.

I cant actually recall the specific site but I was looking at website building software so Polonus is probably right that it was a site called sitebuilder.

It would seem from the responses that it is no real issue just MBAM incorrectly reading Avast as the source process.

As  long as thats all it is, I can live with that as it happens infrequently.

Thanks

Andy

[DavidR]

It isn't incorrectly identifying the process, it just doesn't know what avastSvc.exe does and isn't able to identify the real application that has been redirected through the localhost proxy. Some firewalls aren't able to do that either (identify redirections) and MBAM isn't a firewall, so it probably isn't even checking for that.

The real problem isn't the process (unless it is malicious, not avast) but trying to access what MBAM considers a malicious IP and you know my feelings on that "it doesn't do what it says on the tin," detect only malicious sites and for me that is just plain wrong.

[Para-Noid]

Some time back I posted on MalwareBytes.org forums about MBAM blocking avastsvc.exe and they told me MBAM is "not" really blocking it. I also told them I have made avast as an exclusion on MBAM Pro. I have since learned to not pay any attention to that specific pop-up. I do pay attention to other MBAM pop-ups.