search

bitbeans / SimpleDnsCrypt

A simple management tool for dnscrypt-proxy
https://simplednscrypt.org
MIT License
2.31k stars 233 forks source link

Malwarebytes #123

Closed AlphaCzerwinski closed 7 years ago

AlphaCzerwinski commented 7 years ago

I don't think this is a problem, just an information item.

Recently, I installed a product called MalwareBytes on my Windows 7 machine.

That program popped up an alert and blocked the resolver IP addresses when SimpleDnsCrypt reached out on the internet.

So, within MalwareBytes settings I "excluded" (whitelisted) these three .EXE files: SimpleDnsCrypt.exe dnscrypt-proxy-secondary.exe dnscrypt-proxy.exe

and so I no longer get those alerts. Hopefully, I have not introduced a security hole!!! Alternatively, I could have whitelisted just the resolver IP addresses, but since I am traveling frequently, I may change my selected resolvers. So, I thought to just whitelist those EXE files.

This story is mentioned here just as an FYI to others who may be using these two programs.

jedisct1 commented 7 years ago

Maybe the amazing @hasherezade could help have this fixed?

fr33tux commented 7 years ago

Which resolver were you using? The detections should not occur anymore.

AlphaCzerwinski commented 7 years ago

Well, I am in a different location now, and of course using a different ISP (here it is a wireless ISP through a shortwave radio on a 50 foot antenna mast). But I have not yet changed the resolvers. Therefore, I believe I was using

  1. D0wn Resolver US 107.181.187.219
  2. Secondary OpenNIC Anycast 185.121.177.53

So later today I will go into Malwarebytes and clear the whitelist. Then I will report back here.

fr33tux commented 7 years ago

Thanks - I've checked again and those IP are not detected.

fr33tux https://fr33tux.org - https://toolslib.net GPG : 8E7F 8550 9FBD 9ED8 E68F ACB9 18E8 99E6 80C4 FF62 XMPP: fr33tux@jabber.otr.im

On March 30, 2017 11:29:34 AM PDT, AlphaCzerwinski notifications@github.com wrote:

Well, I am in a different location now, and of course using a different ISP (here it is a wireless ISP through a shortwave radio on a 50 foot antenna mast). But I have not yet changed the resolvers. Therefore, I believe I was using

  1. D0wn Resolver US 107.181.187.219
  2. Secondary OpenNIC Anycast 185.121.177.53

So later today I will go into Malwarebytes and clear the whitelist. Then I will report back here.

AlphaCzerwinski commented 7 years ago

Thank you Jerome. I have not seen any alarms since I removed the whitelist in Malwarebytes. I will try a few different resolvers but I believe you have fixed it.