lmacri

Hi likeastar20: Just to clarify, when you say MBAR are you referring to anti-ransomware (i.e., either the Ransomware Protection built in to Malwarebytes Premium or the standalone Malwarebytes Anti-Ransomware Beta available at https://forums.malwarebytes.com/forum/172-anti-ransomware-beta/ that Firefox described <above>), or are you referring to the option in Malwarebytes for rootkit scanning? As far as I can tell the download button on the Malwarebytes Anti-Rootkit Scanner page at https://www.malwarebytes.com/solutions/rootkit-scanner simply suggests you install Malwarebytes Free (the download button on the Malwarebytes Anti-Rootkit Scanner page redirects to the Malwarebytes Free Downloads page at https://www.malwarebytes.com/mwb-download where you can download Malwarebytes Free for Windows) and then run the rootkit scanner that's built in to both Malwarebytes Free and Premium. I'm not even sure where you could even find a beta for the rootkit scanner, unless you have opted in to receive beta updates in your Malwarebytes options (Settings | General | Beta Updates - my image shows my setting is OFF). Perhaps Firefox or Porthos would know if Malwarebytes offers a standalone rootkit scanner that isn't built in to Malwarebytes. ----------- 64-bit Win 10 Pro v21H2 build 19044.2130 * Firefox v106.0.1 * Microsoft Defender v4.18.2209.7-1.1.19700.3 * Malwarebytes Premium v4.5.16.217-1.0.1792 * Macrium Reflect Free v8.0.6979 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Firefox, Yes, but it's a bit "hit and miss" if you're trying to find an intermediate section like Tamper Protection and have to guess exactly where to click to page down to the correct section. I think Malwarebytes is the only application I use that doesn't move the scroll bar one "page" at a time when clicked. -------------- 64-bit Win 10 Pro v21H2 build 19044.2130 * Firefox v105.0.3 * Microsoft Defender v4.18.2209.7-1.1.19700.3 * Malwarebytes Premium v4.5.15.215-1.0.1784 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.21.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Clemens_Ratte-Polle: Thanks for posting about this. I've noticed odd behaviour of the scroll bar in the Malwarebytes settings as well, and it's been this way for several versions of MB v4.x. For example, if I open the General settings and click at the bottom of the scroll bar I expect it to go down one "page" to the top of the Manual Scan Performance Impact section ... ... but instead the scroll bar jumps straight to the bottom, skipping over the Manual Scan Performance Impact, Event Log Data, and Tamper Protection sections. I've just gotten in the habit of using a two-finger swipe on my touchpad to scroll up and down through the settings (which gives a very choppy scroll) or grabbing the scroll bar by clicking and holding the left mouse button on my touchpad and then dragging the scroll bar up and down (which gives a smoother scroll) in order to view sections that aren't at the very top or very bottom of the settings. mbst-grab-results 18 Oct 2022.zip -------------- 64-bit Win 10 Pro v21H2 build 19044.2130 * Firefox v105.0.3 * Microsoft Defender v4.18.2209.7-1.1.19700.3 * Malwarebytes Premium v4.5.15.215-1.0.1784 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.21.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Chris77: Could you please clarify something. When the Malwarebytes Premium settings at Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center is turned ON on your Win 11 v22H2 machine does the Security Providers section of Windows Security (located at Windows Security | Settings | Security Providers | Manage Providers on my Win 10 v21H2 laptop) still show that Malwarebytes is turned ON (i.e., that Malwarebytes is your primary Security Provider) and that Microsoft Defender is turned OFF? If Security Providers reports that Microsoft Defender is turned OFF do you see the option to enable Defender's Limited Periodic Scanning, and if so is Limited Periodic Scanning turned on or off? See the images Porthos posted on 02-Feb-2020 in ex-jedi's thread Malwarebytes and Windows Defender. My understanding is that Microsoft Defender and Windows Firewall services should still load at boot-up when any third-party antivirus or anti-malware program (e.g., McAfee, Norton, Malwarebytes Premium, etc.) is configured to be the primary real-time protection since the APIs provide functionality that is used by these third-party antivirus programs, even if Microsoft Defender is "disabled" by these third-party antivirus programs. Is the image you posted <above> showing your Microsoft Defender Antivirus Service (MSMpEng.exe) consuming 2.5% of your CPU typical or only something you see occasionally? Note that I always turn OFF (disable) the Malwarebytes setting at Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center as shown below. This ensures that my Microsoft Defender AV is registered with Windows as my main real-time antivirus and has the primary responsibility for malware detection and remediation while Malwarebytes Premium will essentially work as a "backup" to look for any potential threats missed by Defender. -------------- 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.3 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1772 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

My last two Threat Scans (a scheduled scan on 07-Oct-2020 @ 10 PM with Update Package 1.0.60766 and a manual scan on 08-Oct-2022 @ 3 PM with Update Package 1.0.67083) both completed without any detections so I'm guessing a tweak to the AI / machine learning has already corrected my problem. The only oddity I noticed is that I uploaded wsusoffline926.zip to VirusTotal.com for another analysis today and forced a new scan, and the file still has a detection rate of 4/64, but the Malwarebytes scan engine is now detecting this file as MachineLearning/Anomalous.96% (https://www.virustotal.com/gui/file/d6e3635866810c203e7802d0c4c16d12b2f1ff9de6c34ed21a6273631bfc3046?nocache=1) instead of Malware.AI.26769874. wsusoffline926.zip Given that my last two scans have come back clean I'm fine if this thread is marked as resolved. However, I'll be happy to provide additional scan logs for other Malware.AI.26769874 detections for wsusoffline926.zip I've had in the past few days that I haven't posted yet if they would be useful to you. ----------- 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.3 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1772 * Macrium Reflect Free v8.0.6979 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Sorry, I was likely editing my original post when you entered the thread. Every time I scan I get a different file being detected. My first scan last night detected both v9.2.5 and v9.2.6, but subsequent scans only detected v9.2.5. When I posted my FP report today I didn't realize Malwarebytes was detecting v9.2.6 (but not v9.2.5), so I edited my original post and attached the zipped file and today's scan log for v9.2.6. I just ran another Threat Scan a few minutes ago and I'm back to no detections (even though fresh VirusTotal scans of the SHA-256 hashes still show that Malwarebytes is flagging both wsusoffline925.zip and wsusoffline926 as Malware.AI.26769874) so Malwarebytes must be tweaking something in the Update Packages that keeps changing the detection of these WSUS Offline Update zipped files on my system. There's no point trying to fix this on your end if my scans aren't giving consistent results, so I'll wait until this evening and let you know if my scheduled Threat Scan at 6:00 PM detects either of these files.

I have an old ESR (extended support release for Win XP/Vista) version of WSUS Offline Update ESR v9.2.6 named wsusoffline926.zip that I downloaded from https://download.wsusoffline.net/ back in 2020 that is now being detected by Malwarebytes Threat Scans as Malware.AI.26769874. The VirusTotal report athttps://www.virustotal.com/gui/file/d6e3635866810c203e7802d0c4c16d12b2f1ff9de6c34ed21a6273631bfc3046 has a detection rate of 4/65, with Malwarebytes being 1 of 4 security vendors detecting this file as suspicious/malicious. The first scan on my system that detected this file yesterday was using Update Package v1.0.60732. Newer versions of this utility like ESR v11.9.1 are not being detected so there must be some executable bundled inside the old Win XP/Vista ESR version that Malwarebytes doesn't like. I've attached a copy of wsusoffline926.zip as well as today's Malwarebytes scan log. wsusoffline926.zip MB Pro v4_5_14 False Positive WSUS Offline Update 07 Oct 2020.txt ----------- 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.2 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1772 * Macrium Reflect Free v8.0.6979 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi AdvancedSetup: Would it be possible to at least re-post the full offline installer for the previous v4.5.14.210-1.0.1767 (mb4-setup-consumer-4.5.14.210-1.0.1767-1.0.60057.exe) released on 14-Sep-2022 that was available at https://downloads.malwarebytes.com/file/mb4_offline up until a few days ago? The v4.5.11.202-1.0.1706 (mb4-setup-consumer-4.5.11.202-1.0.1706-1.0.57206.exe) currently available at that link is four or five versions out-of-date.

Just an FYI that I browsed to https://downloads.malwarebytes.com/file/mb4_offline today to see if the full offline installer for the latest MB for Windows v4.5.14.210-1.0.1772 (rel. 27-Sep-2022) has been posted yet, and I'm being offered the installer for the old v4.5.11.202-1.0.1716 (rel. 13-Jul-2022).

My Update Package just updated from v1.0.60360 (delivered 21-Sep-2022) to v1.0.60375. ------------ 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.1 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi garioch7: Out of curiosity, what is the version number of your Update Package (malware definition set)? I don't have permission to open your mbam_scan_results.txt attachment so I can't see your version numbers. I just re-scanned my MiniToolBox.exe (file version v13.5.2022.0) with Update Package v1.0.60375 and the scan is clean. I also downloaded a fresh copy from https://www.bleepingcomputer.com/download/minitoolbox/ and that scan of MiniToolBox.exe was clean as well. MB v4_5_14 Scan Log Farbar MiniToolBox No Detecion 23 Sep 2022.txt ------------ 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.1 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Porthos: Not in my location in Canada - at least not yet. I'm still on Update Package v1.0.60360, and when I run a manual check for updates (i.e., by right-clicking my system tray icon and choosing "Check for Updates" or going to Settings | General | Application Updates | Check for Updates) it does not detect any available updates. ------------ 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Porthos: Then perhaps one of the Moderators should go back to those locked threads and post the relevant extract from the PDF in msherwood's Resolution of Today’s Web Filtering Issue that explains why malware definition updates have been paused. I still can't open the PDF in that thread, even when I'm logged into the forum, and I don't see how anyone without advanced privileges (i.e., anyone who doesn't have the rank of Trusted Advisor or Expert) who read fxjacobb's original topic No Updates to Malwarebytes in 45 Hours would understand why updates have been paused since Update Package v1.0.60360 was released on 21-Sep-2022. ------------ 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

I've also noticed that my Malwarebytes Premium has not received a new virus definition set (Update Package) since v1.0.60360 was delivered, and when I run a manual check for updates (i.e., by right-clicking my system tray icon and choosing "Check for Updates") it does not detect any available updates, which seems odd to me mbst-grab-results.zip Like the OP fxjacobb, I'm also confused why Moderators are locking threads from users posting that their virus definitions appear to have stopped updating since Update Package v1.0.60360 was delivered on 21-Sep-2022. This has nothing to do with the fact that Update Package v1.0.60360 included a fix for the Web Protection bug where Malwarebytes was blocking connections to Google-related websites. If Malwarebytes still hasn't figured out how to resume product updates without triggering this bug again (which is what the PDF appears to be saying) then the problem isn't really solved and the threads about a lack of updates shouldn't be marked as resolved and locked. ------------ 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi shadowwar: Problem solved. I can confirm my scheduled Threat scan ran this evening (Update Package v1.0.60323) and Farbar's MiniToolBox.exe is no longer detected as a threat. Thanks for whitelisting this executable so quickly. ---------- 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

I'm seeing a possible false positive detection for Farbar's MiniToolBox (available for download at https://www.bleepingcomputer.com/download/minitoolbox/). I've had the MiniToolBox.exe file saved in my C:\<myusername>\Downloads folder for several years but my scheduled Threat scan of 19-Sep-2022 (Update Package v1.0.60281) detected it yesterday as Malware.Sandbox.17 and sent it to quarantine. I downloaded a fresh copy of MiniToolBox.exe today (20-Sep-2022) from BleepingComputer and ran manual Threat scan (Update Package v1.0.60303), and today it was detected as Malware.AI.4088022580. Both scan logs are attached, as well as the zipped copy of MiniToolBox.exe I downloaded today. MB v4_5_14 Scan Log Malware_Sandbox_17 FP Farbar MiniToolBox 19 Sep 2022.txt MB v4_5_14 Scan Log Malware_AI_4088022580 FP Farbar MiniToolBox 20 Sep 2022.txt MiniToolBox.zip ---------- 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v105.0.0 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1767 * Macrium Reflect Free v8.0.6979 * Inspiron 5583/5584 BIOS v1.20.0 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi WorsTalentScout: Further to Portho's comments, your image doesn't show the full name of your second detection (PUP.Optional.CertifiedTB ?) but just note that when I used Norton browser extensions like Norton Safe Search and Norton Safe Web I would occasionally see that PUP.Optional.Ask detection as a false positive detection because these browser extensions used Ask.com as their search engine. See my old 2017 thread Possible FP - PUP.Optional.ASK Detection for Norton Safe Search? for more information. PUP (potentially unwanted programs) and PUM (potentially unwanted registry modifications) detections are often browser toolbars, adware, scareware and other lower-risk threats that meet the criteria posted at https://www.malwarebytes.com/pup. I have Malwarebytes configured to warn me before it removes any PUPs or PUMs at Settings (gear icon) | Security | Potentially Unwanted Items so I have a chance to review those lower-risk threats before they are quarantined. If I think that Malwarebytes has incorrectly detected something I might want to keep I post the detection report (scan log) in the False Positives | File Detections board and let someone from Malwarebytes take a second look before I decide if they should be removed. The support article View Reports and History in Malwarebytes for Windows describes how to export detection reports as .txt files. ---------- 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v103.0.2 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi Porthos / tommytitko: Further to my previous post, I was reviewing anon743's May 2022 thread MBAM 2.2.1: No Definitions Updates After May 19 and came across a 27-May-2022 post <here> from P1W which states in part: AdvancedSetup's 2013 instructions at MBAM Clean Removal Process include a link to the old MBAM Clean Tool v2.x (mbam-clean-2.3.0.1001.exe) but according to my notes when I wiped MBAM v2.2.1 off my Vista SP2 machine in June 2017 I used the MB Clean Tool v3.x (mb-clean-3.1.0.1035.exe), which can be used to remove all versions of MBAM v1.x, MBAM v2.x and Malwarebytes v3.x (Note that employee respinoza published instructions <here> in 2017 for using MB Clean Tool v3.x - I always answered "No" in Step 6 to decline the automatic installation of Malwarebytes v3 and used the full offline installer from https://downloads.malwarebytes.com/file/mb3_legacy for the installation instead). Regardless, P1W's post indicates that you should not use the current Malwarebytes Support Tool v1.8.7 (mb-support-1.8.7.918.exe) to remove the last traces of MBAM v2.2.1. ----------- HP Pavilion dv6835ca * 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1.2522-1.0.365 * Macrium Reflect Free v7.3.6391 ----------- Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.1 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867

Hi tommytitko: Just an FYI that my comments below are for information only. I don't have sufficient privileges in the forum to read your mb-grab-results.zip diagnostic logs and don't know whether you use the Free or paid (Pro/Premium) version of Malwarebytes, so it would be best if you follow Porthos' instructions going forward since they are a Trusted Advisor and have more experience in this area than I do. I would definitely avoid running a repair with the current Malwarebytes Support Tool v1.8.7 (Advanced | Repair System), since this repair option is normally run under the supervision of a Malwarebytes Support technician and could make changes to important Windows services on your unsupported Win XP SP3 OS that results in unexpected problems, as you found out the hard way. Note that my Vista SP2 computer still boots up but it has essentially been unused since I bought a Win 10 laptop in 2019. ______________________________________________________ When I upgraded from Malwarebytes Anti-Malware (MBAM) Pro v2.2.1 to Malwarebytes Premium v3.x on my Vista SP2 machine back in June 2017 I followed the instructions in AdvancedSetup's Feb 2013 instructions at MBAM Clean Removal Process because I wanted to remove that last traces of MBAM v2.2.1 off my system before the upgrade. Method 1 in those instructions is more complex and intended for users with a paid (Pro/Premium) license, while Method 2 is intended for MBAM Free users. Back then I used the old MBAM Cleanup Tool v3.1.0 (mb-clean-3.1.0.1035.exe) referenced in AdvancedSetup's instructions to wipe the last traces of MBAM v2.2.1 off my system before re-booting and installing the latest Malwarebytes v3.x. However, that old MBAM Cleanup Tool was replaced a few years ago by the current Malwarebytes Support Tool v1.8.7 (Advanced | Clean), so someone from Malwarebytes would have to tell you which tool is the better choice if you need to remove all remnants of MBAM v2.2.1 from your system. As Porthos noted, a simple uninstall of MBAM v2.2.1 from Control Panel | Programs | Programs and Features might be all you need before you re-boot and run the installer for the legacy Win XP/Vista version of Malwarebytes v3.5.1 (available for download at https://downloads.malwarebytes.com/file/mb3_legacy). Also note that some MBAM v2.2.1 users reported in anon743's May 2022 thread MBAM 2.2.1: No Definitions Updates After May 19 that they had to open a support ticket with Malwarebytes Support and ask to have their old 2-part activation key with a 16-digit key (ID: xxxxx; Key:xxxx-xxxx-xxxx-xxxx) switched to a new one-part activation key with a 20-digit key (Key: xxxxx-xxxxx-xxxxx-xxxxx) before they could activate their Malwarebyte Premium v3.5.1 installation. This switch to a new activation key was a problem for a few users who couldn't find their original receipt from Cleverbridge as proof of purchase. Of course, that's not something you have to worry about if you use the Free version of Malwarebytes. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1.2522-1.0.365 * Macrium Reflect Free v7.3.6391 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS ----------- 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.1 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

Hi tommytiko: Further to Porthos' comment, see Malwarebytes employee AdvancedSetup's 26-May-2022 explanation in MBAM 2.2.1: No Definitions Updates After May confirming that Win XP and Vista users must now upgrade to Malwarebytes v3.5.1.2522 (the legacy version for Win XP and Vista at https://downloads.malwarebytes.com/file/mb3_legacy) if they want to continue receiving malware definition updates. The Malwarebytes 4 FAQs thread pinned at the top of this board includes a section titled "Malwarebytes Support for Legacy Windows XP and Vista Operating Systems" with more information.

Hi Adam2022: Malwarebytes employee Arthi posted a status update early today (29-Jul-2022) in Excel 2021 | File Is In use | Locked For Editing | Am I Infected that "The update to disable the setting "Excel Macro 4.0 Abuse Prevention" was revoked, you should be able to turn it ON again in a few hours." I've re-booted a few times today and my latest test results show that: My Excel Macro 4.0 Abuse Prevention setting will now remain ENABLED if I restore my advanced Exploit Protection settings to their default settings (Settings | Security | Exploit Protection | Advanced Settings | Application Behavior Protection | Restore Defaults | Apply) and re-boot my computer (see image below), and My password-protected Excel .XLSX workbooks are opening normally with the Excel Macro 4.0 Abuse Prevention setting ENABLED. Everything looks okay from my end so I've asked Malwarebytes Support to close my support ticket. ----------- Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.0 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * MS Office 2019 Home and Business Version 2206 (Build 15330.20264 Click-to-Run)

Hi Arthi: Thanks for the status update. I can confirm that my Excel Macro 4.0 Abuse Prevention setting will now remain ENABLED if I restore my advanced Exploit Protection settings to their default settings (Settings | Security | Exploit Protection | Advanced Settings | Application Behavior Protection | Restore Defaults | Apply) and re-boot my computer. Note that it took two re-boots of my system today before I could get this setting to stay checked. I can also confirm that my password-protected Excel files are opening normally with the Excel Macro 4.0 Abuse Prevention setting ENABLED. I don't know if it's relevant, but I updated to Malwarebytes v4.5.12.204-1.0.1725 yesterday. When I tested last night my Excel Macro 4.0 Abuse Prevention setting was still silently disabled after a re-boot so I don't think the product update itself actually solved the problem - I'm guessing Malwarebytes had to change something remotely this morning on their own end to revoke the disabling of this setting. ----------- Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.0 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.12.204-1.0.1725 * Macrium Reflect Free v8.0.6867 * MS Office 2019 Home and Business Version 2206 (Build 15330.20264 Click-to-Run)

Hi AdvancedSetup: Could you please clarify? The bug fix was included in Malwarebytes v4.5.11.202 -1.0.1716 (rel. 13-Jul-2022), but employee Arthi posted <here> on 17-Jul-2022 that Malwarebytes would stop silently disabling Excel Macro 4.0 Abuse Prevention in "just a few more days". I tested Malwarebytes v4.5.11.202 -1.0.1716 again on 25-Jul-2022 (assuming that the v4.5.11 update would have rolled out to most customers by then) and confirmed that I can open my password-protected Excel workbooks if my advanced Exploit Protection settings are restored to their default settings (Settings | Security | Exploit Protection | Advanced Settings | Application Behavior Protection | Restore Defaults | Apply) and ENABLE Excel Macro 4.0 Abuse Prevention ... ... but that the Excel Macro 4.0 Abuse Prevention setting is still silently DISABLED as soon as I restart my computer. Is this silent disabling of Excel Macro 4.0 Abuse Prevention a behaviour that's baked into v4.5.11.202 -1.0.1716, or can Malwarebytes silently enable/disable this setting remotely from their back-end servers? Your post today implies that the behaviour is baked in to v4.5.11.202 -1.0.1716 and that we will have to wait for the upcoming v4.5.12.204-1.0.1725 (currently in BETA) before we stop seeing Excel Macro 4.0 Abuse Prevention being automatically disabled at each system restart. ----------- Dell Inspiron 15 5584 * 64-bit Win 10 Pro v21H2 build 19044.1826 * Firefox v103.0.0 * Microsoft Defender v4.18.2205.7-1.1.19400.3 * Malwarebytes Premium v4.5.11.202-1.0.1716 * Macrium Reflect Free v8.0.6867 * MS Office 2019 Home and Business Version 2206 (Build 15330.20264 Click-to-Run)

Hi JhonHamilton: You should be able to open password-protected Excel workbooks again with Excel Macro 4.0 Abuse Protection ENABLED after you update to the latest stable release of Malwarebytes v4.5.11.202-1.0.1716 (rel. 13-Jul-2022). See Dell employee Erix's release notes <here> for v4.5.11.202-1.0.1716, which state in part "Fixed: Anti-Exploit Corrupting Excel Files". I tested a beta version of Malwarebytes Premium v4.5.11.202-1.0.1716 on 11-Jul-2022 for Malwarebytes Tech Support and confirmed I could open my password-protected Excel .XLSX workbooks correctly after the new Component Package v1.0.1716 was installed. if you don't want the to wait for your automatic updates to apply the v4.5.11.202-1.0.1716 product update go to Settings | General | Application Updates and click Check for Updates to start the installation. I checked today and it looks like Malwarebytes is still silently disabling Excel Macro 4.0 Abuse Protection every time I re-boot my computer even though I've had the fix for a few days now, so before you run your own tests with the new Malwarebytes v4.5.11.202-1.0.1716 see the hints I posted today in Adam2022's Excel Macro 4.0 Abuse Protection Prevents Opening Password Protected File. --------------- Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.1 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.11.202-1.0.1716 * Macrium Reflect Free v8.0.6867 * MS Office 2019 Home and Business Version 2206 (Build 15330.20230 Click-to-Run)

Hi Adam2022: You should be able to open password-protected Excel workbooks again with Excel Macro 4.0 Abuse Protection ENABLED after you update to the latest stable release of Malwarebytes v4.5.11.202-1.0.1716 (rel. 13-Jul-2022). Dell employee Erix's release notes <here> for v4.5.11.202-1.0.1716 state in part "Fixed: Anti-Exploit Corrupting Excel Files". I tested a beta version of Malwarebytes Premium v4.5.11.202-1.0.1716 on 11-Jul-2022 for Malwarebytes Tech Support and confirmed I could open my password-protected Excel .XLSX workbooks correctly after the new Component Package v1.0.1716 was installed. Dell employee Arthi's 08-Jul-2022 post in JhonHamilton's Excel 2021 | File Is in Use | Locked for Editing | Am I Infected notes that Malwarebytes has been silently disabling (unchecking) Excel Macro 4.0 Abuse Protection after every boot-up for the past few weeks because that Excel Macro 4.0 Abuse Protection was causing problems for so many people. I checked today and it looks like Malwarebytes is still silently disabling Excel Macro 4.0 Abuse Protection every time I re-boot my computer even though I've had the fix for a few days now, so if you're testing with the new Malwarebytes v4.5.11.202-1.0.1716 make sure that you manually RE-ENABLE Settings | Security | Exploit Protection | Advanced Settings | Application Behavior Protection | Excel Macro 4.0 Abuse Protection (or click Restore Defaults, and then click Apply) as shown in the image below before running any tests with your password-protected Excel workbooks. I suspect Malwarebytes will eventually stop silently disabling that Excel Macro 4.0 Abuse Protection setting at boot-up in a few days once they're confident their bug fix actually solved the problem and doesn't have any negative side effects. --------------- Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1766 * Firefox v102.0.1 * Microsoft Defender v4.18.2205.7-1.1.19300.2 * Malwarebytes Premium v4.5.11.202-1.0.1716 * Macrium Reflect Free v8.0.6867 * MS Office 2019 Home and Business Version 2206 (Build 15330.20230 Click-to-Run)