Router GUI access blocked by Malwarebytes

[martinr]

Just in case anyone else runs into this problem:

RT AC68U
Windows 10 Ultimate
Malwarebytes Premium

Today I couldn't access the router's UI (internally, of course) from my laptop (over wifi or Ethernet), but I could ping it via a command prompt.

It turned out to be Malwarebytes Premium and was solved by putting the router's internal IP address in the Exclusions list.

I've no idea what changed - I've run Malwarebytes Premium for a few years.

 

[ColinTaylor]

Interesting. Does Malwarebytes Premium have any logs that might give a clue.

 

[martinr]

Good thinking! I never thought of that. I'll have a look if there's a logfile and report back.

Thanks, Colin.

 

[martinr]

Interesting. Does Malwarebytes Premium have any logs that might give a clue.

Hello @ColinTaylor

Nothing in the Malwarebytes reports to indicate why it rejected the router's internal IP address, and also nothing when I went into Settings and set up detailed reporting for troubleshooting (after first removing the IP address from Exclusions). But when I switched the laptop on yesterday and today, a pile of delayed pop ups appeared saying Malwarebytes had blocked the access to the router's IP address. And right clicking the icon in the Notification Area actually offered me the option to add that IP address to the Malwarebytes Exclusions list (and does so without asking for the admin password, same as I can turn off the protection in Birdefender Antivirus without it asking for a password, but that's another story.). Anyway, a good reason to run some full anti-malware scans for peace of mind.

 

[ColinTaylor]

Maybe it doesn't like the fact that your router is using port 51933 instead of 80/443 (if I'm reading the message correctly)?

 

[martinr]

Maybe it doesn't like the fact that your router is using port 51933 instead of 80/443 (if I'm reading the message correctly)?

I also didn't understand that port number, but if you don't understand it either, then I feel excused. I figured that it was the ubiquitous program svchost that was using port 51933. Certainly, my webui interface is on the router's port 80; I'm not even using port 443.

 

[ColinTaylor]

Ah, OK. Then it must be referring to the source port not the destination. You can do a "netstat -n" from the Windows command prompt to see the source and destination addresses/ports.

 

[martinr]

And just in case anyone has a similar problem, here's an update, today, with my router's IP address still excluded in Malwarebytes Premium Exclusion List, Bitdefender Antivirus Free decided to get in on the act. Turn off the Bitdefender protection and the webUI login page can be accessed; turn it back on, and it's blocked in all my browsers (Firefox, Chrome, Edge).

Not a problem, not even annoying, just quirky.

 

[ColinTaylor]

What firmware version are you running? If I remember correctly Merlin said that 380.68 had a major UI change, maybe that has something to do with it. Did the problem occur after you updated the firmware?

 

[martinr]

What firmware version are you running? If I remember correctly Merlin said that 380.68 had a major UI change, maybe that has something to do with it. Did the problem occur after you updated the firmware?

I'm on 380.68 (and 380.68_4 on my reserve router - they're both RT-AC68U, and it happens with each of them.). That said, Bitdefender was quite happy last week (no firmware updates done in that time). I can't remember with Malwarebytes if blocking intervention coincided with the firmware update or not. Certainly, it was around that time. As I say, though, it really isn't a problem: I can use it as an indicator of the status of the antivirus!

 

[Xentrk]

I have Malwarebytes Premium and can access the browsers web GUI using http and https.

 

[martinr]

I have Malwarebytes Premium and can access the browsers web GUI using http and https.

Windows 10 (64 bit), too? I have another laptop running Windows 7 (32 bit) with Malwarebytes Premium and Bitdefender AV Free;, which has no problem accessing the GUI. Just Sod's Law, that's all.

 

[Xentrk]

Windows 10 (64 bit), too? I have another laptop running Windows 7 (32 bit) with Malwarebytes Premium and Bitdefender AV Free;, which has no problem accessing the GUI. Just Sod's Law, that's all.

Yes, Windows 10 (64 bit). I'll let you know if anything changes. I update Malwarebytes every day.

 

[martinr]

Yes, Windows 10 (64 bit). I'll let you know if anything changes. I update Malwarebytes every day.

And I'll let you know if anything changes after I've updated with the Windows Fall Creators update, but I'll be waiting until I see how it's going down, first.

 

[Trikein]

Any difference if you're accessing from a IP under the same subnet as the router's access IP? The main problem is it's probably warning about the lack of certificate and HTTPS, but that isn't a issue since the server is literally inside the modem. I would think the error message should give a place to click to add an exception.

 

[citrixscu]

Resurrecting this one as this issue seems to have resurfaced. I have 3 ASUS routers, none of which are able to connect due to MB3 blocking: "Malwarebytes blocked a suspected bad URL or an unwanted program." Excluding the routers' IP addresses has no effect, either. The only workaround I see is to disable MB3 Web Protection, for now at least.

Edit: MB3 seems to be rejecting on port 80. HTTPS works fine once the security exception is granted.

 

[martinr]

Resurrecting this one as this issue seems to have resurfaced. I have 3 ASUS routers, none of which are able to connect due to MB3 blocking: "Malwarebytes blocked a suspected bad URL or an unwanted program." Excluding the routers' IP addresses has no effect, either. The only workaround I see is to disable MB3 Web Protection, for now at least.

Edit: MB3 seems to be rejecting on port 80. HTTPS works fine once the security exception is granted.

Not tried it lately; I keep being nagged to install the MB program update but somethin’s blocking the installation. It’s possibly CryptoPrevent, which is a bit of a palaver to disable for the instal, but I’ll try it over the weekend and let you know.

 

[unsynaps]

Just whitelist the IP?

 

[martinr]

As expected, CryptoPrevent was stopping the installation. So MB Premium 3.3.1.2183 is now installed and I can still access the router GUI (the IP address is still in the Exclusions list).