If DNS Filtering is not controlling access to domains as intended or blocking Microsoft services, it may be a configuration or caching issue, browser setting conflict, missing system or network requirements, or missing domains from the allow list.
DNS activity and error messages are logged in the following files:
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\dnscrypt-proxy.log
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\mbdnsfilter.log
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\EndpointAgent.txt
Domains not filtered on the endpoint as configured:
- No domains are being filtered.
- Domains aren't filtered as expected after updating a DNS rule.
- Access to a domain is allowed but content is missing or loads slowly.
- Windows or Office365 not functioning properly.
- Malwarebytes Nebula
Causes and resolutions
Cause 1: Endpoints running the endpoint agent do not meet the minimum system requirements for DNS Filtering.
Resolution 1: Update the endpoint to a supported operating system for DNS Filtering. For more information, see Requirements for DNS Filtering in Nebula.
Cause 2: The endpoint is not running the minimum Malwarebytes software component versions for DNS Filtering.
Resolution 2: Update the Malwarebytes software on the endpoint to the minimum component versions. For more information, see Malwarebytes Nebula endpoint software update May 5, 2022.
Cause 3: The DNS Content Filtering component is missing from the following locations:
- Endpoint Overview and Agent Information in Nebula.
- The Endpoint Agent About window. To access, right-click the system tray icon on the endpoint.
Resolution 3: Check the following:
- The endpoint is communicating with Nebula. For more information, see Network access requirements and firewall settings for Nebula.
- The endpoint is in the correct group.
- The group is assigned the correct policy.
- The DNS rule has the correct policy included.
- The mbdnsfilter and dnscript-proxy services are running and not suppressed by other security products. For more information, see the following:
Cause 4: Windows DNS over HTTPS (DoH) and browser DoH settings bypassing Malwarebytes DNS Filtering.
Resolution 4: Disable Windows and browser DoH settings. For more information, see Requirements for DNS Filtering in Nebula.
Cause 5: The domain may have been allowed or blocked prior to adjusting any DNS rules and the results are cached.
Resolution 5: Flush your Windows and browser cache.
- Run cmdprompt as an administrator.
- Type ipconfig /flushdns and press enter.
Cause 6: System time on the endpoint is not correct.
Resolution 6: Adjust your system time to accurately reflect the current time.
Cause 7: Content may be hosted under a different domain not included in the Allow List.
Resolution 7: Identify and add missing domains to the Allow List.
- In the left navigation menu, select DNS Filtering.
- Under the Outcome column, filter results by Block.
- Under the Endpoint column, filter results by the endpoint experiencing the issue.
- Identify additional domains that need to be added to the Allow List.
- Update the allow list for each rule as required.
Cause 8: Microsoft services are included in the blocked categories of the DNS rule.
Resolution 8: Add the following domains to the allow list or global exclusions.
|Technology > Content Servers||Allows Windows to report in the System Tray that there is an internet connection.|
|windowsupdate.com||Business > Business Technology > Information Technology||Allows Windows to update.|
Business > Business
Internet Communication > Webmail
Technology > Content Servers
Technology > Information Technology
Technology > Technology
|Services used for Office365 registration, license, validation, profile lookup, etc.|
Return to Malwarebytes Nebula DNS Filtering guide.