Jump to content

AdamM

Members
  • Content Count

    16
  • Joined

  • Last visited

About AdamM

  • Rank
    New Member

Recent Profile Visitors

737 profile views
  1. This build (1.12.2.117) appears to resolve the issue with Acrobat on a test workstation. I will continue to test and report if I encounter any issues. Thanks, Adam
  2. Any of our workstations (Windows 10 LTSB 2016, x64) that are running the latest MBAE 1.12.2.109 are experiencing odd behavior between Adobe Acrobat Pro 11 and a plug-in used for our document management system (Autonomy FileSite 8.5). If a user attempts to save a PDF to the DMS, the Filesite Acrobat plug-in is unable to create certain local files in order to complete the save. We're also seeing another Acrobat issue but in connection with a printing cost recovery application we use (CopiTrak Desktop). Strangely, there is no Copitrak plugin installed in this case. Opening PDF's results in the following message: No anti-exploits 'block' alerts are displayed. Disabling the MBAE shields for Adobe Acrobat & Reader resolves both issues. It also does not occur on workstations running the previous 1.12.2.90 build. Logs are attached. Thanks, Adam Malwarebytes Anti-Exploit_20180814.zip
  3. I was referring to the official build. But, I just received a call from a user with this issue. The test build that you provided resolved the problem immediately after installing. Adam
  4. Not sure what changed between then and now, but I cannot seem to reproduce the issue now on my test machines with AE fully enabled. But I did go ahead and alter the memory protection settings in my main policy and also re-enabled the office shields. I will let you know if this happens again. Thank you both for the quick response, I do appreciate it. Adam
  5. Our Windows 7 workstations suddenly began flagging some MS Office 2010 applications with an exploit attempt, preventing them from opening at all. Specifically affected appears to be Excel, Word, and Powerpoint 2010. No recent policy changes have occurred. Windows 10 workstations with the same policy don't seem to be affected as far as I can tell. The exploit being flagged is 'Process Hollowing Protection'. Aside from disabling the specific application shields, where in the Anti-Exploit config can this particular protection layer be turned off? I am concerned that other applications could be affected by this particular setting. Thanks, Adam
  6. We're seeing an issue with Word documents opened from our document management system (Autonomy FileSite 8.5). The WINWORD.EXE process will remain open in the background after the application has closed. This occurs everytime a document from FileSite is opened and Word is closed, resulting in numerous dead Word instances (docs opened locally are unaffected). I suspect this has some relation with the FileSite COM add-in 'checking' the document back in during a close. This only occurs if the 'MS Word Shield' is active. I have also tried unchecking all MS Office related advanced settings in MBAE during testing. Only deactivating the shield allows the app to close correctly. This behavior appears to be present on all of our workstations which are also running MBAE v1.10.2.41, Office 2010, Windows 7 32-bit. Log files are attached. Thanks, Adam Malwarebytes Anti-Exploit.zip FRST.txt Addition.txt
  7. I have attached the requested FRST log files from a machine exhibiting this behavior this morning. Machine was mostly unresponsive with SCComm utilizing 100%. In order to even run FRST, I had to lower the priority on the SCComm process to 'below normal' Thanks, Adam Addition.txt FRST.txt
  8. Recently we've been getting frequent calls in our organization regarding abnormally slow pc's -- at least a couple per week I'd say. In all of the these cases, the SCComm.exe process is the culprit where it's pegging the cpu at 100% for long periods. Uninstalling all MBAM products and re-installing from the managed agent seems to resolves the issue. What does this process actually do that it would peg the cpu? What can I do to try and diagnose this behavior? Thanks, Adam
  9. I am also able to report positive results with build 1398 on a few test machines in our environment. Adam
  10. I'm also seeing this behavior on several machines in our environment with MBAE build 1384 installed. Log files from an affected machine are attached. Thanks, Adam Malwarebytes Anti-Exploit.zip
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.