Arthi

Thanks for confirming. Appreciate the quick response. Can everyone facing this issue please turn off the settings I mentioned above, restart machine/Malwarebytes Anti-Exploit service. This should resolve it. If not, please get back to us with logs. Thank you all for your patience.

Yes, it is safe to turn them off. Our recommended default settings do not have these turned ON. There is a very thin line between protection and triggering false positives. We often keep looking out for exploit attacks "In the wild" and set our default protection settings to the optimum level considering false positives especially in our business customer environments. You can rest assured that we are always looking out for attack scenarios in the wild and tweak our protection settings all the time. If we do not see a certain attack vector "in the wild" for a a few years, we typically turn that setting OFF by default. In short, our default settings are what we recommend our customers to use to avoid false positives. Thank you.

Thanks for testing this. Can I please request you to try this. Turn off those settings-> restart your machine or Malwarebytes Anti-Exploit service, make sure those settings are still turned off, and try to reproduce the issue. If you can reproduce it, gets us the logs, please.

Hi All, Thanks for your patience with the issue. Can you please check if the following settings are turned ON in the affected machines, if so please turn it off and let me know if that resolved it. Thanks again.

Yes.

Hi TSBG, Yes this has been fixed and released. You should not see it anymore. Thanks.

Hi All, Re-uploaded the tool in the link

This is applicable for both IE and Office.

Hi HarleyHutchins, Thanks for posting. We will take a look at the logs and get back to you soon.

Hi All, I wanted to give you all some background on the VBScript protection and the issues it caused. In the recent past, we have come across many VBScript engine exploit attacks in the wild. Refer https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/ https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html The protection we introduced in the new version of MBAE 1.13 blocks these exploit attacks. This protection has been automatically enabled for a long time now in our consumer product. However, in Business environments, the usage of 3rd party plugins and extensions which still use this vulnerable VBScript library in legitimate cases is high, as we learnt this week with the false positives. We had to turn off (not disable) the protection - meaning users can turn it back on if they want to restrict usage of this vulnerable library within their organization, considering good security practices. We are trying to research and find a way to distinguish between these legitimate cases and the true exploit attacks. From our past research into this, there is not a lot to differentiate between the two, with these plugins behaving very similar to how an exploit would. Will keep you all posted. Thank you.

It is because of the new version update - It is a metered release which is why only few machines have been updated and are affected now. I have pushed in a silent update to the affected machines, it typically does not require a reboot or restart of Malwarebytes Anti-Exploit service for it to take effect. But if you still see these blocks on any system, please restart the MBAE service. The fix I pushed was to uncheck the following settings. Apologize for the inconvenience caused. Thanks for your patience.

Thank you all for your patience. We are looking into it.

Hi bartonphelps, Is it Internet Explorer where you see these blocks?

Hi All, Thanks for your post. Can you please disable the following setting and see if that resolves your issue? Thanks.

Hi MSV, Thanks for your post. Yes, it looks like this is due to the update we pushed out yesterday. Can you disable the following setting and see if that resolves your issue? Thanks.