MalwareBytes blocked Kaspersky's DNS Lookup of OpenDNS IPs?

Over the past year or so we have had several Kaseya tickets at with the following error:

An active MalwareBytes AntiMalware threat was detected on {machinename} at {time}. The threat is:
Location: (Type: outgoing, Port: 59789, Process: avp.exe)

Needless to say it is a weird one!   Why would MalwareBytes be blocking an IP that belongs to OpenDNS which was opened with avp.exe (Kaspersky)?   Well to be honest, we don’t exactly know, but in researching this we found the following:

When OpenDNS detects a domain known to host malware, phishing attacks, or adult content, OpenDNS returns the network address of a page with a warning message. is is is is

There is no easy way to determine the exact sequence of events that triggered this,  but Kaspersky and /or MalwareBytes may have the hostname of the malware site listed as a bad site. Now that OpenDNS is effectively blocking it by redirecting the bad site to it warning message the IP triggers the “IP Block” error.

You can avoid getting the MalwareBytes alert by adding it to the exclusion list in the Kaseya MalwareBytes profile.  It should be “Type:IPv4:”. You could also add “Type:File:avp.exe” to the list of exclusions in MalwareBytes

This could also be avoided by not allowing MalwareBytes to actively scan files.   The normal best practice from us when using KAV (Kaspersky) and KAM (MalwareBytes) is to only use MalwareBytes as a scanning or remediation engine.  This could also be a case of having 3 antimalware engines at work simultaneously!

If you have other ideas or experiences, please leave them in the comments!