MalwareBytes blocked Kaspersky's DNS Lookup of OpenDNS IPs?

Over the past year or so we have had several Kaseya tickets at VirtualAdministrator.com with the following error:

An active MalwareBytes AntiMalware threat was detected on {machinename} at {time}. The threat is:
Name: IP-BLOCK
Location: 67.215.66.149 (Type: outgoing, Port: 59789, Process: avp.exe)
Status: ACTION REQUIRED!

Needless to say it is a weird one!   Why would MalwareBytes be blocking an IP that belongs to OpenDNS which was opened with avp.exe (Kaspersky)?   Well to be honest, we don’t exactly know, but in researching this we found the following:

When OpenDNS detects a domain known to host malware, phishing attacks, or adult content, OpenDNS returns the network address of a page with a warning message.

67.215.66.149 is hit-malware.opendns.com
67.215.66.150 is malware.opendns.com
67.215.65.130 is hit-adult.opendns.com
67.215.65.133 is hit-phish.opendns.com

There is no easy way to determine the exact sequence of events that triggered this,  but Kaspersky and /or MalwareBytes may have the hostname of the malware site listed as a bad site. Now that OpenDNS is effectively blocking it by redirecting the bad site to it warning message the IP 67.215.66.149 triggers the “IP Block” error.

You can avoid getting the MalwareBytes alert by adding it to the exclusion list in the Kaseya MalwareBytes profile.  It should be “Type:IPv4: 67.215.66.149”. You could also add “Type:File:avp.exe” to the list of exclusions in MalwareBytes

This could also be avoided by not allowing MalwareBytes to actively scan files.   The normal best practice from us when using KAV (Kaspersky) and KAM (MalwareBytes) is to only use MalwareBytes as a scanning or remediation engine.  This could also be a case of having 3 antimalware engines at work simultaneously!

If you have other ideas or experiences, please leave them in the comments!