Jump to content


  • Content Count

  • Joined

  • Last visited

About AdamM

  • Rank
    New Member

Recent Profile Visitors

907 profile views
  1. This build ( appears to resolve the issue with Acrobat on a test workstation. I will continue to test and report if I encounter any issues. Thanks, Adam
  2. Any of our workstations (Windows 10 LTSB 2016, x64) that are running the latest MBAE are experiencing odd behavior between Adobe Acrobat Pro 11 and a plug-in used for our document management system (Autonomy FileSite 8.5). If a user attempts to save a PDF to the DMS, the Filesite Acrobat plug-in is unable to create certain local files in order to complete the save. We're also seeing another Acrobat issue but in connection with a printing cost recovery application we use (CopiTrak Desktop). Strangely, there is no Copitrak plugin installed in this case. Opening PDF's results in the following message: No anti-exploits 'block' alerts are displayed. Disabling the MBAE shields for Adobe Acrobat & Reader resolves both issues. It also does not occur on workstations running the previous build. Logs are attached. Thanks, Adam Malwarebytes Anti-Exploit_20180814.zip
  3. I was referring to the official build. But, I just received a call from a user with this issue. The test build that you provided resolved the problem immediately after installing. Adam
  4. Not sure what changed between then and now, but I cannot seem to reproduce the issue now on my test machines with AE fully enabled. But I did go ahead and alter the memory protection settings in my main policy and also re-enabled the office shields. I will let you know if this happens again. Thank you both for the quick response, I do appreciate it. Adam
  5. Our Windows 7 workstations suddenly began flagging some MS Office 2010 applications with an exploit attempt, preventing them from opening at all. Specifically affected appears to be Excel, Word, and Powerpoint 2010. No recent policy changes have occurred. Windows 10 workstations with the same policy don't seem to be affected as far as I can tell. The exploit being flagged is 'Process Hollowing Protection'. Aside from disabling the specific application shields, where in the Anti-Exploit config can this particular protection layer be turned off? I am concerned that other applications could be affected by this particular setting. Thanks, Adam
  6. We're seeing an issue with Word documents opened from our document management system (Autonomy FileSite 8.5). The WINWORD.EXE process will remain open in the background after the application has closed. This occurs everytime a document from FileSite is opened and Word is closed, resulting in numerous dead Word instances (docs opened locally are unaffected). I suspect this has some relation with the FileSite COM add-in 'checking' the document back in during a close. This only occurs if the 'MS Word Shield' is active. I have also tried unchecking all MS Office related advanced settings in MBAE during testing. Only deactivating the shield allows the app to close correctly. This behavior appears to be present on all of our workstations which are also running MBAE v1.10.2.41, Office 2010, Windows 7 32-bit. Log files are attached. Thanks, Adam Malwarebytes Anti-Exploit.zip FRST.txt Addition.txt
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.