Malwarebytes has addressed an issue that prevented users from accessing websites and services hosted on the google.com domain, including Google search and YouTube.
According to a large number of reports from people affected by this, their browsers were prevented from accessing Google sites after Malwarebytes flagged and blocked them as malicious.
As many shared, they were swarmed by a barrage of malware notifications, all pointing to various websites on google.com subdomains tagged as containing malware.
"Malwarebytes pushed a bad update it seems. I couldn't access any Google websites and was getting constant malware notifications from Google websites," one impacted customer said.
"I turned off real time web protection and now it works fine. Any device I have that doesn't have Malwarebytes (Android phone, other windows devices) wasn't affected."
Malwarebytes quickly picked up on what was going on and, in a tweet published in response to the stream of user reports, explained that this was caused by a temporary issue affecting the web filtering component of the company's security products.
"We are aware of a temporary issue with the web filtering component of our product that may be blocking certain domains, including http://google.com," the company said.
False positive fix rolling out
Malwarebytes also provided a workaround for impacted users, which required them to disable the buggy module by opening Malwarebytes and toggling off the Web Protection option in the Real Time Protection card.
One hour later, the anti-malware software vendor revealed that it had resolved the issue and that all customers' software would update on its own to remove the false positive errors.
"The issue is now resolved, and the update should happen automatically. If you are still experiencing issues, please ensure the Malwarebytes client is updated to the latest version," Malwarebytes told affected users via Twitter.
"Once alerted to the problem, our product team resolved the issue and released an update to our web protection database (version 1.0.60360)," added Malwarebytes VP Michael Sherwood in a thread on the company's forum.
"This update is applied during the normal update process, and the issue should automatically resolve. In some cases, updating to the latest database may require temporarily disabling the web filtering feature."
However, according to some reports, the issue might still impact enterprise customers since some endpoints still see Google's domains being blocked.
The most likely reason is that the update still has to finish rolling out to Malwarebytes' entire customer base.
Update: Added further info from Malwarebytes VP Michael Sherwood.
Comments
xafase - 1 year ago
I think they are on to something. You see how much data Google collects. Nothing that is 100% legit would need all of that.
EndangeredPootisBird - 1 year ago
The fact it was Google is hilarious
GT500 - 1 year ago
I don't think it's the first time that's happened.
Winston2021 - 1 year ago
Far worse, the recent "false positive" (I doubt it) for a zero-day claimed to be reported by "anonymous" that was found on my machine and fixed by Chrome/Edge EMERGENCY updates BEFORE a Defender malware signature update was pushed. This doesn't necessarily mean that the malware was within the Electron code, but that once the vulnerability was fixed, the malware could no longer work and thereby no longer revealed itself via its former heuristically-detected as malware actions.
Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-falsely-detects-win32-hivezy-in-google-chrome-electron-apps/
Anyone have a link to a technical explanation about exactly what happened which is what should happen to explain this event?
GT500 - 1 year ago
If your Anti-Virus/Anti-Malware software is having false positives, then you should contact the company that makes it for a resolution. You should also upload the file that is being detected to VirusTotal (unless it is confidential) so that you can share the link to the analysis with them (most Anti-Virus software companies can download files from VirusTotal).
Note: VirusTotal automates certain things that make malware analysis slightly easier, and can help establish that a file is legitimate rather than modified by malware or a threat actor. This information is generally intended to be used by malware analysts, and may not necessarily be useful to everyone else.
U_Swimf - 1 year ago
VirusTotal is just more of Google plus its friends and coworkers. I'm not sure you realize how VT works...
U_Swimf - 1 year ago
It's a pissing contest between them all. Google Chrome sets outrageous new rules and standards which the entire world seems to have to follow. Yet despite their own and everyone's best efforts to follow these guidelines Google isn't even following it themselves it seems.
Where I am https:// is the default and automatically ALWAYS used, NEVER http unless it's allowed in advance (either by me, network settings, policy, script, etc.)... FF has the option still but most home pages or start pages use https and that's the thing here. The S in https meaning the website owners or maintainers bought licenses or certificates from Google or other which allowed them to make their web sites appear more secure. Without the S, it's deemed less secure but Google's OWN WORDS countless times! It's been their accusation anyway but despite the conflict of interest (they sell certificates and licenses), and blocking tons of websites like I'm living in China... Google has become quite the censoring pig. Language, YouTube comments, media outlets, developers, NONE are allowed to display any negative light towards the company under penalty of contract that says so when everyone had to agree to their use of services!
Http pages should be marked insecure by antimal if the user wants. I think it's disgusting nobody even mentioned the heart of what the real issue is here. Google can't follow its open principles and practices due to their business model of total domination.