If DNS Filtering is not controlling access to domains as intended, it may be a configuration or caching issue, browser setting conflict, missing system or network requirements, or missing domains from the allow list.
DNS activity and error messages are logged in the following files:
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\dnscrypt-proxy.log
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\mbdnsfilter.log
- C:\ProgramData\Malwarebytes Endpoint Agent\Logs\EndpointAgent.txt
Symptoms
Domains not filtered on the endpoint as configured:
- No domains are being filtered.
- Domains aren't filtered as expected after updating a DNS rule.
- Access to a domain is allowed but content is missing or loads slowly.
Environments
- Malwarebytes Nebula
Causes and resolutions
Cause 1: Endpoints running the endpoint agent do not meet the minimum system requirements for DNS Filtering.
Resolution 1: Update the endpoint to a supported operating system for DNS Filtering. For more information, see Requirements for DNS Filtering in Nebula.
Cause 2: The endpoint is not running the minimum Malwarebytes software component versions for DNS Filtering.
|
Component |
Version |
|
Engine |
Minimum 1.2.0.974 |
|
Endpoint Service |
Minimum 1.2.0.530 |
|
Protection Service |
Minimum 4.5.8.191 |
|
Component Package |
Minimum 1.0.1666 |
Resolution 2: Update the Malwarebytes software on the endpoint to the minimum component versions. For more information, see Malwarebytes Nebula endpoint software update May 5, 2022.
Cause 3: The DNS Content Filtering component is missing from the following locations:
- Endpoint Overview and Agent Information in Nebula.
- The Endpoint Agent About window. To access, right-click the system tray icon on the endpoint.
Resolution 3: Check the following:
- The endpoint is communicating with Nebula. For more information, see Network access requirements and firewall settings for Nebula.
- The endpoint is in the correct group.
- The group is assigned the correct policy.
- The DNS rule has the correct policy included.
- The mbdnsfilter and dnscript-proxy services are running and not suppressed by other security products. For more information, see the following:
Cause 4: Windows DNS over HTTPS (DoH) and browser DoH settings bypassing Malwarebytes DNS Filtering.
Resolution 4: Disable Windows and browser DoH settings. For more information, see Requirements for DNS Filtering in Nebula.
Cause 5: The domain may have been allowed or blocked prior to adjusting any DNS rules and the results are cached.
Resolution 5: Flush your Windows and browser cache.
- Windows
- Run cmdprompt as an administrator.
- Type ipconfig /flushdns and press enter.
- Chrome
- Firefox
- Edge
Cause 6: System time on the endpoint is not correct.
Resolution 6: Adjust your system time to accurately reflect the current time.
Cause 7: Content may be hosted under a different domain not included in the Allow List.
Resolution 7: Identify and add missing domains to the Allow List.
- In the left navigation menu, select DNS Filtering.
- Under the Outcome column, filter results by Block.
- Under the Endpoint column, filter results by the endpoint experiencing the issue.
- Identify additional domains that need to be added to the Allow List.
- Update the allow list for each rule as required.
Return to Malwarebytes Nebula DNS Filtering guide.