IP-Api.com blocked by Malware Bytes
Barry Berkov
Member ✭✭
I have started getting website blocked messages from Malware Bytes about Quicken trying to connect to IP-api.com. It's apparently a geo location app and Quicken seems to continue after the outbound connection is blocked but it's a pain to have to dismiss the alert. When I contacted Support via Chat, I got an explanation that Quicken is only supposed to be used in the US and Canada but the explanation was not clear. When I asked about what happens when I travel overseas and want to use Quicken, I got an answer saying they would figure out a way for me to access if I get blocked. I don't think Quicken should be trying to do any tracking without permission and they authenticate Quicken ids these days. Comments?
0
Comments
-
When I opened Quicken today, Malwarebytes blocked ip-api.com . Will that be a problem?0
-
Same here.
-Log Details-
Protection Event Date: 2/14/23
Protection Event Time: 5:23 PM
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Quicken\qw.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: PUP
Domain: ip-api.com
IP Address: 208.95.112.1
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Quicken\qw.exe
Why is Quicken trying to connect to ip-api.com? What is the purpose? And why is connecting on port 80 instead of 443 which is encrypted?0 -
After a quick search on the Internet, ip-api.com may be infected with malware (being reported on other websites) and that is why Malwarebytes is alerting. How do we get this issue sent to the right Quicken technical support people?0
-
Why have I begun getting warnings about a PUP whenever I open Quicken? (see attached screenshot) The source IP Address is 208.95.1121.0
-
I have same issue and will be interested in how to make a fix for this issue.0
-
same issue here with Malewarebytes Premium 4.5.22 reporting as pup on website ip-api.com via port 80
You Don't Have to Have a Point, To Have A Point
0 -
Same problem with Quicken Deluxe, Windows 11 Pro 64-bit. Great to know my financial baseline has a security concern.0
-
Have you tried a VPN with a US based end-point? I think support misspoke when they said "only supposed to be used in the US and Canada", it can be used anywhere, it is only supported for use in US and Canada.
-splasher using Q continuously since 1996
- Subscription Quicken - Win11 and QW2013 - Win11
-Questions? Check out the Quicken Windows FAQ list1 -
> @Pedro504 said:
> same issue here with Malewarebytes Premium 4.5.22 reporting as pup on website ip-api.com via port 80
It appears this is a location tracking website, why does Quicken need to do this for authenticated licensed users?You Don't Have to Have a Point, To Have A Point
0 -
This comes from misguided "security experts". Unfortunately, there are several "myths" that have long ago been adopted as truths in the "security community" and policies have been made based on them.
The one in question is that it is a reasonable action to lookup where an IP is located to determine if they think that this might and attempt to break into their network from known locations that have "bad actors". This is a ridiculous assumption because it easy to fake your IP address and as such where you are from. For example, the easiest way to is to do exactly what @splasher suggested and use a VPN. That way the Quicken servers will see your IP address as the one from the VPN server, which can be located anywhere in the world, while you are anywhere else in the world. It is also very easy with the right software to fake IP addresses. This means that the whole policy is based on a false assumption that IP address == Location, when it doesn't.
But that doesn't stop financial institutions and such from instituting such policies (and Quicken Inc is trying to "be as secure as the financial institutions".
Bottom line is they aren't trying to ""track you", they're simply following the stupid "acceptable security policies".Signature:
This is my website: http://www.quicknperlwiz.com/4 -
I started receiving the same message 2/14/23. Is there a fix for this?0
-
Same here.
0 -
Turning my VPN on worked. Thanks folks.
0 -
Is this only a QWin issue? Does this also apply to QMac?
Have Questions? Help Guide for Quicken for Mac
FAQs: Quicken Mac • Quicken Windows • Quicken Mobile
Add your VOTE to Quicken for Mac Product Ideas
Object to Quicken's business model, using up 25% of your screen? Add your vote here:
Quicken should eliminate the LARGE Ad space when a subscription expires(Now Archived, even with over 350 votes!)
(Canadian user since '92, STILL using QM2007)
0 -
Same issue here:
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Quicken\qw.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: PUP
Domain: ip-api.com
IP Address: 208.95.112.1
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Quicken\qw.exe
Windows 11 Professional0 -
I would imagine (but don't know for sure) that Quicken Mac is doing the same thing, and that in fact both have been doing this for quite some time, but what changed was MalwareBytes. I doubt that Quicken Inc is going to provide any clarification on the matter, they believe in "hiding how things are done is how you keep things secure" (or maybe stated, they don't believe in transparency for basically any reason).smayer97 said:Is this only a QWin issue? Does this also apply to QMac?Signature:
This is my website: http://www.quicknperlwiz.com/1 -
I also posted a concern about this in the Malwarebytes forum yesterday and they said they would "fix it" in the next update. I did not get the MB alert today after launching Quicken and my MB application was also updated today. So maybe they fixed it.2
-
I saw that - thanks for doing it.Houstee said:I also posted a concern about this in the Malwarebytes forum yesterday and they said they would "fix it" in the next update. I did not get the MB alert today after launching Quicken and my MB application was also updated today. So maybe they fixed it.0 -
Right... get all this, but what does that have to do with using a PC? I can see that using it overseas might be blocked on my phone, but my computer hasn't left the office for decades.0
-
https://community.quicken.com/discussion/comment/20339567/#Comment_20339567jgsailor said:Right... get all this, but what does that have to do with using a PC? I can see that using it overseas might be blocked on my phone, but my computer hasn't left the office for decades.Quicken user since Q1999. Currently using QW2017.
Questions? Check out the Quicken Windows FAQ list0 -
Hi all, our developers requested that if you have not tried rebooting your device to do that as the IP has been whitelisted and should not be detected. Thanks!
-Quicken Janean
Quicken Janean
Make sure to sign up for the email digest to see a round up of your top posts.
0 -
White listing what IP address? My system has been rebooted multiple times for various reasons. Why would my IP address change? As best I can tell, it hasn't changed in quite some time... years.0
-
Maybe you can get your developers to work on stable software updates? The last one, 27.1.48.15 didn't finish cleanly, which basically broke the ability to not have the password vault continually, daily ask for the password before downloading transaction. Now, after entering the password, the flag continually tells me that the program was "updated." Even tried the mondo patch, which had no effect on the situation.
I have a long history of tech support issues with this issue, going back years.0 -
> @mshiggins said:
> https://community.quicken.com/discussion/comment/20339567/#Comment_20339567
Yep.. I actually added both ip-api.com and their IP address to MWB. Perhaps I'll try the VPN, but this is not a portable system.0
This discussion has been closed.