Netgate Discussion Forum

    MalwareBytes

    • C
      charlieblalock @johnpoz
      last edited by

      @johnpoz My job is to recommend options, and in this instance, there are many more options in the same space that do not abuse network traffic. One PC created 1 GB of data in about 2 hours on the firewall. Multiply that by ~200 client PCs and we would be DDoSing the network.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @charlieblalock
        last edited by johnpoz

        @charlieblalock oh don't take that the wrong way - was just curious more than anything.

        And it's something I despise - and feel it's horrible coding... I get it, try and resolve something and it fails, sure try again. But some devices are just insane - there should be a back off built in... Hey 3 attempts don't work, wait X seconds, don't work wait X minutes, doesn't work wait X hours, etc..

        Roku's are horrible at it as well.

        roku.jpg

        But it's really a known thing in dns blocking - some things will just go insane when you block what they are looking for..

        I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

        Stupid ass if you ask me

        stupidshit.jpg

        Every freaking minute - come on, you're not getting it ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • provelsP
          provels
          last edited by provels

          Of possible interest. MB Forum

          Peder

          MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
          BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          • GertjanG
            Gertjan @charlieblalock
            last edited by

            @charlieblalock said in MalwareBytes:

            MalwareByte AV product was just atrocious.

            Malwarebyte was quite useful in the past.
            That's all gone now. Their programmers now want to get paid, shareholders want their stake, and so on.
            Same thing for AVAST, and many others like 'utorrent' (was useful in the past, and then they added a crypto miner).

            @charlieblalock said in MalwareBytes:

            We were going to roll this out to a 200-person

            Wait. Visit your companion's health care centre first - and human resources.
            You'll be needing them.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • M
              mer @johnpoz
              last edited by

              @johnpoz said in MalwareBytes:

              I mean really do you have to ask every freaking second ;) Or every 30 seconds even..

              "I tried to get to my site every 10 secs, but failed once so I have to try every 5 secs and when that fails I now try every second until it succeeds"

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @mer
                last edited by

                @mer hehehe exactly! Just such nonsense..

                Another thing that rubs me the wrong way is these iot devices that need to talk to something every X seconds.. Ok fine - not an issue you want/need to talk to something every X seconds.. But if you're going to have to look up some fqdn every X seconds - how about you cache that for some time, you know say the life of the ttl.. Vs having to do a dns query every 10 seconds when you want to go to something.whatever.tld

                Not saying you need to run a full blown caching name server on your iot device... But JFC - can you not at least cache the few entries you're talking to vs having to ask dns for it every single time.

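The two behaviours asked for in the posts above (back off after failed lookups, and cache an answer for the life of its TTL), as an added example that is not from any poster or from the software discussed. The `BackoffResolverCache` class, the `lookup` callable and the `*.example` names are hypothetical; the simulation counts the queries one device sends in an hour when it wants a name every 10 seconds.

```python
import random

class BackoffResolverCache:
    """Cache answers for their TTL; back off exponentially after failures."""

    def __init__(self, lookup, base=10.0, cap=3600.0, jitter=0.0):
        self.lookup = lookup      # hypothetical callable: name -> (address, ttl) or None
        self.base, self.cap, self.jitter = base, cap, jitter
        self.cache = {}           # name -> (address, expires_at)
        self.failures = {}        # name -> (consecutive failures, retry_not_before)
        self.queries_sent = 0

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]         # answer still within its TTL: no query sent
        count, not_before = self.failures.get(name, (0, 0.0))
        if now < not_before:
            return None           # still backing off: no query sent
        self.queries_sent += 1
        answer = self.lookup(name)
        if answer is None:
            delay = min(self.cap, self.base * 2 ** count)
            delay += random.uniform(0, self.jitter * delay)  # spread out many clients
            self.failures[name] = (count + 1, now + delay)
            return None
        address, ttl = answer
        self.failures.pop(name, None)
        self.cache[name] = (address, now + ttl)
        return address

def simulate(lookup, name, seconds=3600, interval=10):
    """Return (queries without cache/backoff, queries with) for one device."""
    resolver = BackoffResolverCache(lookup)
    ticks = range(0, seconds, interval)
    for now in ticks:
        resolver.resolve(name, float(now))
    return len(ticks), resolver.queries_sent

def blocked(name):                # constructed: a name the DNS blocklist never answers
    return None

def allowed(name):                # constructed: documentation address, 300 s TTL
    return ("192.0.2.10", 300)

if __name__ == "__main__":
    print(simulate(blocked, "blocked.example"))
    print(simulate(allowed, "allowed.example"))
```

Setting `jitter` above zero randomises each delay so that a fleet of clients does not retry in lockstep.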
                • M
                  mer @johnpoz
                  last edited by

                  @johnpoz Now why would you want to do that. I mean 4 bytes for every IPv4 address you cache, 16 bytes per IPv6 address, that can add up over the 3 or 4 addresses you need.
                  And parsing the response for TTL and setting a timer, way too much code.

                  Actually worked at a place that had redundant cards in a chassis, did the heartbeat thing to see if you needed to fail over. And yes the initial implementation used the exact opposite of an exponential backoff when they did not receive an ACK in time.
                  And folks wondered why things wouldn't work sometimes.

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @mer
                    last edited by

                    @mer said in MalwareBytes:

                    that can add up over the 3 or 4 addresses you need.

                    hahah.. Exactly how 1 or 2 devices sending a query to my dns every X seconds isn't a big deal... But if I have 100 of those devices on the network.. That can add up to unwanted dns traffic ;)

                    I mean who would ever have more than a couple of say light bulbs on their network.. What tops a half dozen.. So sure just query my dns every 1 second you POS ;) it's not like on a wifi network where you know other things might want to talk and use the wifi at the same time as you're flooding it with needless chatter.. Oh while you're at it - could you broadcast looking for other devices every second as well..

                    • provelsP
                      provels @Gertjan
                      last edited by

                      @gertjan said in MalwareBytes:

                      Their programmers now want to get paid

                      The nerve...

                      Peder

                      • T
                        Tzvia
                        last edited by

                        This 'telemetry' crap is common as dirt. Telemetry my arce. They are collecting data about usage- like where you go on the internet. See it with Firefox (incoming.telemetry.mozilla.org), my phones once I switched them to my internet carrier (v-collector.dp.aws.charter.com), MS does it (v10.vortex-win.data.microsoft.com)... you name it, they are trying to make a buck off your usage. Malwarebytes also has that 'browser guard'. I keep saying NO and sure enough it pops up again 'please turn me on'. Where else to better see where you are going, than with a plugin in the browser?

                        These days, many AV products are moving away from local 'definition' files/local scanning, to cloud based scanning. I get it, real time scanning, zero day bla bla. But I wonder what they are storing up there 'in the cloud'- their servers, and how it affects computer performance. Malwarebytes is on the mild side here- we use Fireeye at work and their xagt process can chew up 80% of the processor- you really feel it. Horrible. Maybe Malwarebytes has a central control console (not familiar with what they offer for business use) where you can turn telemetry off without having to manually do it on 200 machines...

                        Tzvia

                        Current build:
                        Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
                        16 gigs ram
                        500gig WD Blue nvme
                        Using modded BIOS (enabled CSTATES)
                        PFSense 2.72-RELEASE
                        Enabled Intel SpeedShift
                        Snort
                        PFBlockerNG
                        LAN and 5 VLANS

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.