wrapsbear

Update: I spent the last month going back and forth with support, installing debug versions and generating countless logs. As a result, A fix for this is included in v1.9.2.1261, now available.

The core MBAM 1.80 engine is 14 months old and a major (1.9) MBAE update was released just two days ago; will we see a comparable MBAM engine update soon? With anti-malware being an arms race, I'd like to make sure our arsenal stays stocked with fresh ammo. Thanks!

MB Anti-Exploit detects Kutools as an "ROP attack" exploit. The log does not show a filename ("n/a"), so I can't create an exception for it or whatever. Kutools is a popular Excel addin, so it's totes legit. This behavior occurs both on Windows 7 + Office 2010 as well as Windows 10 + Office 2016. To reproduce: 1. Download and install https://www.extendoffice.com/downloads/KutoolsforExcelSetup.exe 2. Open an Excel sheet, type something into a cell, and click the Kutools tab at the top 3. In the ribbon, click "Text" and then "Remove Characters" 4. Excel quits unexpectedly, and Malwarebytes pops up a message, including: "Exploit ROP gadget attack blocked" Here's the contents of the MBAE alert log when this occurs: "2016-10-07T11:11:07.799-05:00";"bear";"3708";"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE";"5068";"explorer.exe";"1";"508";"452";"0x20816182";"";"";"0x00DF0000";"0x00DCF000";"";"";"";"";"";""