hfike
New update, new false positive. Added exception: 4F5BD8D491AAE778B358ECE2A1D28F09; GrammarlyAddInSetup6.6.101.exe
-
Thanks! I was not able to reproduce this before, I guess due to how it updates itself and I was already on the current version. I'll follow up with the user and test removing the exclusions I've made in our local policy. Thanks, Harry
-
PM sent with requested files. I've added this line to my exclusion list: 4BD792D4A6B757C133502938C06CAF49; GrammarlyAddInSetup6.5.87.exe Thanks, Harry
-
Yep, I noticed it as well. Appears to be a new version of Grammarly:

3/10/2017 11:36:58 AM XXXXXX 10.2.X.X Exploit payload file blocked BLOCK C:\Users\xxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe
3/10/2017 11:36:59 AM XXXXX10.2.X.X Exploit payload process blocked BLOCK C:\Users\xxxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe C:\Users\xxxxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe \detectmode
3/10/2017 11:37:03 AM XXXXXX 10.2.X.X Exploit payload process blocked BLOCK C:\Users\xxxxxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe C:\Users\xxxxxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe \detectmode
3/10/2017 11:37:03 AM XXXXXX 10.2.X.X Exploit payload file blocked BLOCK C:\Users\xxxxxxx\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.87.exe

-- Harry
-
I don't have easy access to the user's PC, however, I'll see if I can reproduce it in a VM. Thanks, -- Harry
-
Same update:

"2017-01-22T14:13:36.342-05:00";"user";"5924";"C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE";"6872";"OUTLOOK.EXE";"3";"701";"207";"";"";"";"";"";"";"C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe \detectmode";"";"";"";""
"2017-01-22T14:13:36.546-05:00";"user";"5924";"C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE";"6872";"OUTLOOK.EXE";"3";"601";"207";"";"";"";"";"";"";"C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe";"1C5B6815372D0D0EBA9CE18EC2FA9D73";"";"";""

Here is the line I have been putting in the Anti-Exploit Exclusion List that has been working:

1C5B6815372D0D0EBA9CE18EC2FA9D73; GrammarlyAddInSetup6.5.85.exe

Thanks, -- Harry
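An added example, not part of the original posts and not the vendor's code: it parses semicolon-delimited log records like the two quoted above into `MD5; filename` exclusion lines, and checks that a file on disk still matches the logged hash before the exclusion is trusted. It assumes the hash is the 32-hex-character field that directly follows the blocked file's path, as in the second record; the function names are hypothetical.

```python
import csv
import hashlib
import io
import ntpath
import re

# The two log records quoted in the post above, copied as-is.
SAMPLE_LOG = r'''"2017-01-22T14:13:36.342-05:00";"user";"5924";"C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE";"6872";"OUTLOOK.EXE";"3";"701";"207";"";"";"";"";"";"";"C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe \detectmode";"";"";"";""
"2017-01-22T14:13:36.546-05:00";"user";"5924";"C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE";"6872";"OUTLOOK.EXE";"3";"601";"207";"";"";"";"";"";"";"C:\Users\user\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe";"1C5B6815372D0D0EBA9CE18EC2FA9D73";"";"";""
'''

MD5_RE = re.compile(r"[0-9A-Fa-f]{32}")


def exclusion_lines(log_text):
    """Return sorted, de-duplicated 'MD5; filename' lines from log records."""
    # Assumption: a field that is exactly 32 hex characters is the MD5 of the
    # file whose full path is in the field immediately before it.
    found = {}
    for row in csv.reader(io.StringIO(log_text), delimiter=";", quotechar='"'):
        for i, field in enumerate(row):
            if i > 0 and MD5_RE.fullmatch(field):
                # ntpath handles Windows paths regardless of the host OS.
                found[field.upper()] = ntpath.basename(row[i - 1])
    return [f"{md5}; {name}" for md5, name in sorted(found.items())]


def file_matches(path, md5_hex):
    """True if the file at `path` has the MD5 recorded in the log."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper() == md5_hex.upper()


if __name__ == "__main__":
    for line in exclusion_lines(SAMPLE_LOG):
        print(line)
```

Because each entry is pinned to one build's hash, every installer version in this thread (6.5.85, 6.5.87, 6.6.101) needed its own line.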
-
How long does the global exclusion take to get out to the world? On 1/20 I took out the local exclusion, but saw reports of it again on 1/22. I've re-added the local exclusion for now. Thanks, -- Harry
-
Awesome! I did make a local exclusion, but will remove that here in the next few days. Thanks for the attention to this! -- Harry
-
Done! Thank you! -- Harry
-
I wanted to follow up again that I would love to post the logs, but not directly to this forum post as there is personally identifiable information in there and I don't want to attempt to sanitize that many files. Is there an alternative way I can get the logs to you? I've read the post you've linked to above. Should I just contact support directly? Thanks, -- Harry
-
I started getting notifications about this program being blocked this morning after installing Anti-Exploit on the client:

1/13/2017 10:18:59 AM XXXHOSTNAME 10.2.X.X Exploit payload process blocked BLOCK C:\Users\XXXXX\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.5.85.exe

Would love to post the logs, but not directly to this forum post as there is personally identifiable information in there. Is there an alternative way I can get the logs to you? Thanks, Harry
-
Treating the lack of a Mac client as a deal breaker is like not choosing a sunglasses manufacturer because they don't have a model specifically designed to work at night. Do some research and you will find that there is little to no need for an anti-malware tool on a Mac. Look up XProtect, built into the OS, designed to block bad stuff! -- Harry