IP-Api.com blocked by Malware Bytes

I have started getting website blocked messages from Malware Bytes about Quicken trying to connect to IP-api.com. It's apparently a geo location app and Quicken seems to continue after the outbound connection is blocked but it's a pain to have to dismiss the alert. When I contacted Support via Chat, I got an explanation that Quicken is only supposed to be used in the US and Canada but the explanation was not clear. When I asked about what happens when I travel overseas and want to use Quicken, I got an answer saying they would figure out a way for me to access if I get blocked. I don't think Quicken should be trying to do any tracking without permission and they authenticate Quicken ids these days. Comments?

Comments

  • bluesgene
    bluesgene Member ✭✭
    When I opened Quicken today, Malwarebytes blocked ip-api.com . Will that be a problem?
  • Houstee
    Houstee Member ✭✭
    Same here.


    -Log Details-
    Protection Event Date: 2/14/23
    Protection Event Time: 5:23 PM

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Quicken\qw.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: PUP
    Domain: ip-api.com
    IP Address: 208.95.112.1
    Port: 80
    Type: Outbound
    File: C:\Program Files (x86)\Quicken\qw.exe


    Why is Quicken trying to connect to ip-api.com? What is the purpose? And why is connecting on port 80 instead of 443 which is encrypted?
  • Houstee
    Houstee Member ✭✭
    After a quick search on the Internet, ip-api.com may be infected with malware (being reported on other websites) and that is why Malwarebytes is alerting. How do we get this issue sent to the right Quicken technical support people?
  • Mikul
    Mikul Member ✭✭
    edited February 2023
    Why have I begun getting warnings about a PUP whenever I open Quicken? (see attached screenshot) The source IP Address is 208.95.1121.
  • Hugh Crawley
    Hugh Crawley Member ✭✭
    I have same issue and will be interested in how to make a fix for this issue.
  • Pedro504
    Pedro504 Member ✭✭✭
    same issue here with Malewarebytes Premium 4.5.22 reporting as pup on website ip-api.com via port 80

    You Don't Have to Have a Point, To Have A Point

  • Kenneth Goodwin
    Kenneth Goodwin Member ✭✭✭
    Same problem with Quicken Deluxe, Windows 11 Pro 64-bit.  Great to know my financial baseline has a security concern.
  • splasher
    splasher SuperUser ✭✭✭✭✭
    Have you tried a VPN with a US based end-point?  I think support misspoke when they said "only supposed to be used in the US and Canada", it can be used anywhere, it is only supported for use in US and Canada.

    -splasher using Q continuously since 1996
    - Subscription Quicken - Win11 and QW2013 - Win11
    -Questions? Check out the Quicken Windows FAQ list

  • Pedro504
    Pedro504 Member ✭✭✭
    > @Pedro504 said:
    > same issue here with Malewarebytes Premium 4.5.22 reporting as pup on website ip-api.com via port 80

    It appears this is a location tracking website, why does Quicken need to do this for authenticated licensed users?

    You Don't Have to Have a Point, To Have A Point

  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    edited February 2023
    This comes from misguided "security experts".  Unfortunately, there are several "myths" that have long ago been adopted as truths in the "security community" and policies have been made based on them.

    The one in question is that it is a reasonable action to lookup where an IP is located to determine if they think that this might and attempt to break into their network from known locations that have "bad actors".  This is a ridiculous assumption because it easy to fake your IP address and as such where you are from.  For example, the easiest way to is to do exactly what @splasher suggested and use a VPN.  That way the Quicken servers will see your IP address as the one from the VPN server, which can be located anywhere in the world, while you are anywhere else in the world.  It is also very easy with the right software to fake IP addresses.  This means that the whole policy is based on a false assumption that IP address == Location, when it doesn't.

    But that doesn't stop financial institutions and such from instituting such policies (and Quicken Inc is trying to "be as secure as the financial institutions".

    Bottom line is they aren't trying to ""track you", they're simply following the stupid "acceptable security policies".
    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Glively
    Glively Member
    I started receiving the same message 2/14/23. Is there a fix for this?
  • GermanBlueRam
    GermanBlueRam Member ✭✭✭✭
    edited February 2023
    Same here.  


  • GermanBlueRam
    GermanBlueRam Member ✭✭✭✭
    Turning my VPN on worked. Thanks folks.   :)


  • smayer97
    smayer97 SuperUser ✭✭✭✭✭
    Is this only a QWin issue? Does this also apply to QMac?

    Have Questions? Help Guide for Quicken for Mac
    FAQs: Quicken MacQuicken WindowsQuicken Mobile
    Add your VOTE to Quicken for Mac Product Ideas

    Object to Quicken's business model, using up 25% of your screen? Add your vote here:
    Quicken should eliminate the LARGE Ad space when a subscription expires

    (Now Archived, even with over 350 votes!)

    (Canadian user since '92, STILL using QM2007)

  • Same issue here:

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Quicken\qw.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: PUP
    Domain: ip-api.com
    IP Address: 208.95.112.1
    Port: 80
    Type: Outbound
    File: C:\Program Files (x86)\Quicken\qw.exe

    Windows 11 Professional
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    edited February 2023
    smayer97 said:
    Is this only a QWin issue? Does this also apply to QMac?
    I would imagine (but don't know for sure) that Quicken Mac is doing the same thing, and that in fact both have been doing this for quite some time, but what changed was MalwareBytes.  I doubt that Quicken Inc is going to provide any clarification on the matter, they believe in "hiding how things are done is how you keep things secure" (or maybe stated, they don't believe in transparency for basically any reason).
    Signature:
    This is my website: http://www.quicknperlwiz.com/
  • Houstee
    Houstee Member ✭✭
    I also posted a concern about this in the Malwarebytes forum yesterday and they said they would "fix it" in the next update. I did not get the MB alert today after launching Quicken and my MB application was also updated today. So maybe they fixed it.
  • GermanBlueRam
    GermanBlueRam Member ✭✭✭✭
    Houstee said:
    I also posted a concern about this in the Malwarebytes forum yesterday and they said they would "fix it" in the next update. I did not get the MB alert today after launching Quicken and my MB application was also updated today. So maybe they fixed it.
    I saw that - thanks for doing it.  
  • jgsailor
    jgsailor Member ✭✭
    Right... get all this, but what does that have to do with using a PC? I can see that using it overseas might be blocked on my phone, but my computer hasn't left the office for decades.
  • mshiggins
    mshiggins SuperUser ✭✭✭✭✭
    jgsailor said:
    Right... get all this, but what does that have to do with using a PC? I can see that using it overseas might be blocked on my phone, but my computer hasn't left the office for decades.
    https://community.quicken.com/discussion/comment/20339567/#Comment_20339567

    Quicken user since Q1999. Currently using QW2017.
    Questions? Check out the Quicken Windows FAQ list

  • Quicken Janean
    Quicken Janean Moderator admin

    Hi all, our developers requested that if you have not tried rebooting your device to do that as the IP has been whitelisted and should not be detected. Thanks!

    -Quicken Janean

    Quicken Janean

    Make sure to sign up for the email digest to see a round up of your top posts.

  • jgsailor
    jgsailor Member ✭✭
    White listing what IP address? My system has been rebooted multiple times for various reasons. Why would my IP address change? As best I can tell, it hasn't changed in quite some time... years.
  • jgsailor
    jgsailor Member ✭✭
    Maybe you can get your developers to work on stable software updates? The last one, 27.1.48.15 didn't finish cleanly, which basically broke the ability to not have the password vault continually, daily ask for the password before downloading transaction. Now, after entering the password, the flag continually tells me that the program was "updated." Even tried the mondo patch, which had no effect on the situation.

    I have a long history of tech support issues with this issue, going back years.
  • jgsailor
    jgsailor Member ✭✭
    > @mshiggins said:
    > https://community.quicken.com/discussion/comment/20339567/#Comment_20339567

    Yep.. I actually added both ip-api.com and their IP address to MWB. Perhaps I'll try the VPN, but this is not a portable system.
This discussion has been closed.