Malware warnings

I’m getting warnings in Malwarebytes about Plex. The IP belongs to ProtonMail; I still get it when I turn off Proton Bridge. I tried reinstalling it too. I have no plugins or anything like that, just Plex for Windows.

Malwarebytes

-Log Details-
Protection Event Date: 9/9/22
Protection Event Time: 9:02 PM
Log File: 0011711e-3072-11ed-a695-049226bf21e8.json

-Software Information-
Version: 4.5.13.208
Components Version: 1.0.1740
Update Package Version: 1.0.59845
License: Premium

-System Information-
OS: Windows 11 (Build 22000.918)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Plex\Plex\QtWebEngineProcess.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 185.159.156.20
Port: 32400
Type: Outbound
File: C:\Program Files\Plex\Plex\QtWebEngineProcess.exe

(end)

It’s a false positive. You can check it yourself with https://www.virustotal.com

But why is Plex trying to send something to a ProtonMail IP?

What is that?

It’s for using ProtonMail with an email client. Long shot, but since it’s a ProtonMail IP, I tried it.

FWIW, this executable doesn’t exist anywhere in my Plex installation (Windows, 32-bit). Looking at the path on your system, it would seem you’re running 64-bit PMS, so there could be a difference.

Then you don’t have the dedicated Player app “Plex for Windows” installed.

This file is a regular part of Plex for Windows.
I have it also on my system. I’ve submitted it to Virustotal and it is not flagged as malware – even by the Malwarebytes scanner engine.

Which means either

  • you have other malware on your system, which has infected or replaced this file
  • it is a false positive and your Malwarebytes is confused
1 Like
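
One way to test the two possibilities listed above on the affected machine, as an added example that is not part of the original thread: it reports the Authenticode signature status and SHA-256 of the executable named in the log, and lists which process holds a connection to the logged IP and port. The function names are hypothetical; the path, IP address and port are the values from the Malwarebytes log above.

```powershell
# Added example: triage a network block attributed to a specific executable.
# Path, IP and port are the values from the Malwarebytes log in this thread.
$Path       = 'C:\Program Files\Plex\Plex\QtWebEngineProcess.exe'
$RemoteIp   = '185.159.156.20'
$RemotePort = 32400

# Hypothetical helper: was the file replaced or modified after it was signed?
function Get-BinaryTrustReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $item = Get-Item -LiteralPath $LiteralPath

    [pscustomobject]@{
        Path            = $LiteralPath
        SHA256          = $hash.Hash                      # look this hash up on VirusTotal
        SignatureStatus = $sig.Status                     # 'Valid' = unmodified since signing
        Signer          = $sig.SignerCertificate.Subject  # empty when the file is unsigned
        LastWriteTime   = $item.LastWriteTime             # compare with the install/update date
    }
}

# Hypothetical helper: which process actually owns a connection to the endpoint?
function Get-ConnectionOwner {
    param([string]$Address, [int]$Port)

    # Returns nothing if no connection to that endpoint exists right now.
    Get-NetTCPConnection -RemoteAddress $Address -RemotePort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                State     = $_.State
                LocalPort = $_.LocalPort
                ProcessId = $_.OwningProcess
                Image     = $proc.Path   # may be empty without elevation
            }
        }
}

Get-BinaryTrustReport -LiteralPath $Path | Format-List
Get-ConnectionOwner -Address $RemoteIp -Port $RemotePort | Format-Table -AutoSize
```

A signature status other than `Valid`, or a last-write time that does not match the install or update date, points toward the replaced-file case; a valid signature with a clean VirusTotal result for the same hash points toward the false positive.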

Ah, of course I only thought of PMS and not any player. Good catch.
