Arthi

Hi powella, Thanks for reporting. Can you please zip the entire contents of this folder C:\ProgramData\Malwarebytes Anti-Exploit Thanks.

Hi Lwphipps, Thanks for reporting. Can you please zip the entire contents of this folder C:\ProgramData\Malwarebytes Anti-Exploit Thanks.

Hi TimPrice, The updates are set to roll out into Malwarebytes 4 early June. Thanks.

Thanks markjobr for the confirmation.

Thanks for the confirmation. Appreciate your quick feedback.

Hi guruuno, Thanks for your feedback. This was merely a well-meaning gesture to provide the fix to the affected MB4 customers immediately, not to be considered as beta testing. We are asking to turn off exploit protection to run this exploit protection standalone product side-by-side. So customers who do this are not at risk by any means. Thanks.

Hi All, We think we have this fixed in our latest build. It is available in the Anti-Exploit standalone product and has not rolled out to Malwarebytes 4 yet. But I would love to hear feedback if it resolves your issue. Please disable Exploit protection in your MB4 and install the below AE product. Try to reproduce the winword issue and let me know if it still persists. Thanks for your patience. https://malwarebytes.box.com/s/z3mzwpcffcr3l3kqwpa61dgahaq0ggv0

Hi All, Thanks for posting. We are sorry that it was not addressed earlier. We do need some logs here: For those using Malwarebytes Endpoint security, Please zip the entire contents of this folder C:\ProgramData\Malwarebytes Anti-Exploit and send to us. For those using Malwarebytes 4 and above, Please grab these files and send it to us. C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log Once again apologize for the delay, we will look into it as soon as we get the required logs. Thanks.

Hi Differentunic, Thanks for posting. Can you try turning off the setting marked in red. Thanks.

Hi MeMeMeMeMe, Can you try unchecking the following setting marked in red. You can find it under Exploit Protection -> Advanced settings. Also it would help if you can post log file located here C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log Thanks.

Hi Danz17, Can you please attach the below log file. Thanks. C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log

Hi mready, Thanks for the logs. Can you please go to Security Tab on the UI, Under Exploit Protection, go to the Advanced settings. In the Application Behavior Protection tab, uncheck "Protection for Office VBA7 abuse" for MS Office. This will stop the blocks. Please let me know if you need any further assistance. Thanks.

Hi JohnnieSko, Can you please disable the setting marked in red. That should stop the blocks. Thanks.

The alerts that you saw are one-time alerts from a known, unresolved bug. The blocks stop automatically once the upgrade process completes. We released a new version of MBAE 1.13.2.164 which we is why you saw these blocks when your older version upgraded to this. This is a known issue that we are taking a look at, but unfortunately, it is not reproducible, happens only on few machines and then goes away once the upgrade is done - all in all making it very difficult for us to debug internally. Hence the delay in fixing it. I will keep you posted on its resolution. Thanks for reporting and apologize for the inconvenience caused.

Hi The block related to the "known unresolved issue" that I mention above is when Malwarebytes Anti-Exploit updates from an older version to a newer version. Yesterday we released a newer version and machines that are set up to auto-upgrade, would have faced this block during/immediately after upgrade. Again, not all the machines that upgraded get these blocks, only a few are affected. The new version that we released is 1.13.2.164. If you are still concerned, please zip the folder C:\ProgramData\Malwarebytes Anti-Exploit from an affected machine and send it. I will take a look and confirm if indeed it was this false positive block. Thank you.