Advice Request BD Online Threat Prevention Critical Warning

[Divine_Barakah]

Hi,


I installed BDIS a few hours ago and now when I was checking the notification I saw a critical warning

"msegde.exe attempted to establish a connection relying on an unmatching security certificate to sync.pmbmonetize.live. We blocked the connection to keep your data safe since the user certificate was issued for a different web address than the targeted one."

I don't use MS Edge and I have the "keep running MSedge when closed" option disabled.

Should I be concerned?

 

[Parkinsond]

Hi,


I installed BDIS a few hours ago and now when I was checking the notification I saw a critical warning

"msegde.exe attempted to establish a connection relying on an unmatching security certificate to sync.pmbmonetize.live. We blocked the connection to keep your data safe since the user certificate was issued for a different web address than the targeted one."

I don't use MS Edge and I have the "keep running MSedge when closed" option disabled.

Should I be concerned?

May be some extension on Edge trying to establish connection in the background.

 

[Divine_Barakah]

May be some extension on Edge trying to establish connection in the background.

I don't use MSegde and I don't have any extensions installed in Edge. That's why I'm concerned.

 

[Divine_Barakah]

Two users on Reddit posted the same warning but with no answers.

 

[Divine_Barakah]

The verdict on Hybrid analysis is "Malicious"?

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'https://sync.pmbmonetize.live/psync?t=s&e=118&cb=https%3A%2F%2Fcs.openwebmp.com%2Fcs%3Faid%3D40047%26id%3D%25USER_ID%25'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.

hybrid-analysis.com

 

[Parkinsond]

Two users on Reddit posted the same warning but with no answers.

That's what I get when trying to visit

 

[Divine_Barakah]

The warnings are driving me crazy.

Most warnings say "chrome.exe attempted to establish a connection relying on a revoked certificate to........."


NextDNS.io is among the websites.


Any ideas

 

[Parkinsond]

The warnings are driving me crazy.

Most warnings say "chrome.exe attempted to establish a connection relying on a revoked certificate to........."
View attachment 293430

NextDNS.io is among the websites.


Any ideas

Might be FP? B is famous for.

 

[Victor M]

1. MsEdge is a LoLbin
2. MsEdge runs at startup regardless whether you use it or not. As such, it is a easy target vector.
3. It is used along with webview2.
4. I ban them both via WDAC.

 

[Victor M]

You can't trust AV's totally to determine if it was maliciously sidetracked into doing what you don't want. That's why you ban things you never run.

 

[Divine_Barakah]

Might be FP? B is famous for.

I'll have to confirm with BD support

 

[Parkinsond]

MsEdge runs at startup regardless whether you use it or not

I have this disabled on settings, with no sign for Edge in process manager.

It is used along with webview2

Webview2 is uninstallable; I always uninstall (not needed for me).

 

[Victor M]

A FP is when a normal thing is detected as malicious. You don't even use MsEdge, so it is not normal.

 

[Parkinsond]

A FP is when a normal thing is detected as malicious. You don't even use MsEdge, so it is not normal.

A FP could be detecting connection to a malicious domain, while there is no actual connection.

 

[Divine_Barakah]

I have this disabled on settings, with no sign for Edge in process manager.

I have it disabled too.

A FP is when a normal thing is detected as malicious. You don't even use MsEdge, so it is not normal.

That's why I'm concerned. I will provide logs to BD support and see.

A FP could be detecting connection to a malicious domain, while there is no actual connection.

Hmmmm I'm not sure if that's what happened. But I don't think that was the case.

 

[Victor M]

Your BD's failure to reach it's server is suspicious, by the way. DNS is DNS with it's standard commands. Doesn't matter if you use this or that DNS.

 

[Divine_Barakah]

Your BD's failure to reach it's server is suspicious, by the way. DNS is DNS with it's standard commands. Doesn't matter if you use this or that DNS.

When I installed BD, I was not using a custom DNS so it probably was my ISP DNS. When BD failed to connect, I changed the DNS to CloudFlare systemwide (DNS over HTTPS in Windows settings) but that did not fix the issue, so I contacted BD support and they recommended using Google DNS which did fix the issue.

So I'm not sure what happened or what caused the block as I'm still waiting for BD support to confirm what was wrong.


Now I'm using NextDNS systemwide and in browser settings and everything seems to be running as intended.


Now BD has reported 4 different vulnerabilities in Internet Explorer which I thought was removed from Windows? Maybe it is still there because I'm using Windows LTSC?

 

[Victor M]

I think what matters is that you changed your DNS to something you didn't use before, correct? And that was unexpected.

 

[Parkinsond]

Now BD has reported 4 different vulnerabilities in Internet Explorer which I thought was removed from Windows? Maybe it is still there because I'm using Windows LTSC?

IE is removed from W 11 24h2, regardless of being LTSC or GAC.

 

[Victor M]

Pirated LTSC ?