
About DarthVitrial

  1. Downloaded from here: http://biomediaproject.com/bmp/files/LEGO/gms/online/Galidor/GalidorQuest/DSWMEDIA/index.html Needed to play archived, old games from the early 2000s. File attached. Shockwave10-12XtrasInstall.7z
  2. It won't let me un-quarantine without rebooting first, but I just downloaded the same file again. The reason it's falsely detected is because what CAO does is pack a large amount of files in BSA compressed packages, which probably looks similar to ransomware to a heuristic. This already happened once before and was fixed then, but I guess it's back. file and log.7z
  3. It wasn't from a scan, it was the "real time protection" quarantining the file as I was using it.
  4. Downloaded from here: https://www.nexusmods.com/skyrimspecialedition/mods/23316?tab=files The "pack BSA" function triggers Malwarebytes' detection, but the app is not malicious.
  5. (the changelog entry I'm referring to is "Fixed: rundll32 AE block in Word". I can't edit my post for some reason.) I will still argue that A: Microsoft Office is not a pentesting tool and blocking it is a false positive even in the context of only working on penetration tests, and B: The UI as it stands now simply saying "block pentesting attacks" with no warning that it is explicitly not intended for use will confuse average users that will look at the settings and just go "attacks are bad and should be blocked".
  6. I assumed the fact that the changelog for it mentioned a Word exploit fix and the fact that the post by Exile360 above referred to "the issue should be fixed for good in the new beta" meant "the pentesting setting will no longer have the false positive that makes it think Microsoft Word is a pentesting tool", rather than "Malwarebytes now properly turns off pentesting blocking by default". I misunderstood.
  7. No, CU 1.0.1096 still doesn't fix it. Enabling "block pentesting attacks" STILL prevents Word documents from being opened.
  8. Regardless, it STILL shouldn't be blocking Microsoft Office. Additionally, if it's a feature that shouldn't be turned on, it should have some sort of a warning when enabling it. Most users will see an option saying "block penetration testing attacks", go "Hm, attacks are bad." and turn it on.
  9. Having "block penetration testing attacks" still breaks Office in CU 1.0.1091. Word is not a pen testing attack. This is a bug that should be fixed.
  10. I highly doubt that is related. I don't use IE, my only browser is Pale Moon which does not have any Office plugins installed (I explicitly disabled them), and besides I didn't have anything open at the time the issue occurred. No programs at all.
  11. Alright, but given that OneDrive is not a pentesting attack I would say this counts as a bug.
  12. In Malwarebytes 4.2.1, CU 1.0.1053, trying to open a Word document (synced to OneDrive, my whole computer has OneDrive enabled) causes Malwarebytes to incorrectly block it with "Exploit blocked:Malware.Exploit.Agent.Generic, exploit payload macro process blocked".