Posts posted by REGITDept
-
-
Dear MB Community,
MB Support is unable to help me (Case # 4263358), so I wanted to share the issue with the community in case someone else out there is having the same problem.
The issue:
Our users are encountering Exploit blocked "Exploit.OfficeSpawningBatchComm" when viewing certain Excel files. I have tracked it down and found out that when the users have the Bluebeam 2019 add-on "BluebeamExcelLinkAddIn" for Excel, it will cause MB to block. We do not want to exclude this detection from our policies, such as turning off "Protection for Office spawning batch commands", because what if a malicious hacker is taking advantage of this?
Attached you will find the Debug Logs for MB on one of the many affected clients.
Thanks.
MWB_REGSVSOLIS.REG.LOCAL_Diag_2023_06_05_17_03_09.zip MWB_REGSVSOLIS.REG.LOCAL_Diag_2023_05_30_14_58_37.zip
-
-
Dear MB,
This is a FP:
hxxp://www.cobrawire.com
Thanks.
-
2 hours ago, Porthos said:
I would highly suggest that you open a support ticket with Business Support to work with them directly.
Submit Business Support Ticket
It can take a few days for a response as ticket volume is high at this time.
Thank you.
Ticket created.
-
-
10 hours ago, AlexSmith said:
It does not support adding custom applications. Currently, it supports the following 3rd party applications: https://service.malwarebytes.com/hc/en-us/articles/4576809351443-Supported-Patch-Management-applications-in-Malwarebytes-Nebula
Thank you AlexSmith 😀
-
-
Dear MB,
Does Patch Management have a feature to push out custom applications?
Thanks.
-
Dear Malwarebytes,
We believe this to be a false positive. Please verify. Thanks.
cookconcreteproducts.com.
-
23 hours ago, AdvancedSetup said:
Hello @REGITDept
Please reply to your current ticket: 3578792
Attach this new log but make it clear this is another client.
Basically I think they'll want you to create a new Policy that disables a setting and then move the client to that new policy but your support agent will provide you with more details.
Thank you
I just got their email today.
I'm concerned that instead of having the issue fixed on MB's side, the workaround is to lessen the security on our side. That's not reassuring at all.
Thanks.
-
Dear MB,
Another user is affected. The client is using MS Office 2016 - 32 Bit.
Thanks.
-
2 hours ago, AdvancedSetup said:
Thanks @REGITDept
I don't manage or support the Nebula client myself but I've submitted your logs to the team for review. Hopefully I should get a reply back today on how to proceed.
Thank you again
Here is the new ticket number 3578792. Thanks.
-
On 9/7/2021 at 11:01 AM, AdvancedSetup said:
Thank you for the follow up @REGITDept
It's possible that it was just some odd combination of running processes that triggered it. If it does return please let us know and we can review at that time.
Thank you again and have a great week
Good morning AdvancedSetup,
The issue came back this morning. Attached are the logs you requested.
Thanks.
-
Dear MB,
I believe these are FPs.
Please see attached files.
If you need the installer please PM me for the download link.
Thanks.
-
On 9/3/2021 at 12:11 PM, AdvancedSetup said:
Hello @REGITDept
One of my colleagues asked that we get enhanced debug logging for this.
Can you please enable that on the system. Then reboot the system and gather logs again and submit to your ticket.
On Nebula you Control+Right-Click the MB tray icon and there's an option to Enable Debug Logging
Once completed please go ahead and turn off the enhanced logging
Thank you again
Dear AdvancedSetup,
I'm unable to reproduce the issue to grab you the logs. Perhaps it was fixed?
Thanks.
-
13 minutes ago, AdvancedSetup said:
Hello @REGITDept
One of my colleagues asked that we get enhanced debug logging for this.
Can you please enable that on the system. Then reboot the system and gather logs again and submit to your ticket.
On Nebula you Control+Right-Click the MB tray icon and there's an option to Enable Debug Logging
Once completed please go ahead and turn off the enhanced logging
Thank you again
This will have to be next week because the user is already off for the week.
Thanks.
-
54 minutes ago, AdvancedSetup said:
Thank you AdvancedSetup.
Happy Friday and Weekend!
-
10 hours ago, AdvancedSetup said:
Hello @REGITDept
I've sent a request for review but it's probably best that you open a direct support ticket
https://support.malwarebytes.com/hc/en-us/requests/new
Let me know what that ticket number is and I'll see if I can get it escalated.
Thank you
Dear AdvancedSetup,
The ticket number is 3571909.
Thanks.
-
Dear MB,
One of our users encountered the Exploit blocked whenever he opened this Excel file.
He is using MS Excel 2013 (32 bit) with latest updates.
Windows 10 Pro (64 bit).
Screenshots and Logs are included.
Thanks.
-
On 7/21/2021 at 3:10 PM, cli said:
Can you attach the file? Thanks.
Sorry for the late reply. One of my team members couldn't find the file.
Today I was able to find some time to dig and find the file for you. Looks like it was already fixed because I no longer see it being detected?
Thanks.
-
-
Just now, Atribune said:
Thanks for reporting this, it should be resolved shortly.
Thank you Atribune.
-
-
Dear Malwarebytes,
Referencing previous post: FP: hxxps://www.batterysystems.net - Website Blocking - Malwarebytes Forums
As of today 06/21/2021 the website hxxps://www.batterysystems.net is still being blocked.
Thanks.
FP: Excel and Bluebeam 2019 Add-On - Exploit.OfficeSpawningBatchComm
in Exploit
Posted
I appreciated all the replies.
Here is my question, when you have Excel + the Bluebeam 2019 add-on then everything still works fine. Just a combination of certain Excel files + Excel + Bluebeam 2019 add-on will create this issue.
Why is that?
Thanks.