billmobile1

  1. Of the four affected workstations, none have had this happen again since yesterday morning, and out of around 500 seats, we haven't had any new reports of it.
  2. This started to occur yesterday mid-morning. It seems isolated to the few remaining Windows 7 workstations still in the environment (or at the least, no Win 10 box has had it happen)... The workstations seeing this do not have any shared file in common that they all may have opened (the affected are among a couple of different divisions), and all of the workstations scan clean and I'm told they have nothing surprising in the Event Viewer logs. I was wondering if anyone else was experiencing this, or if this might be a known false positive; I know there are a few people with issues of Anti-Exploit blocking Excel from launching, and wasn't sure if this might be a wider reaching issue.

     The email notice is:

     Exploit attempt blocked BLOCK staffda Microsoft Office Excel C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE Attacked application: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE; Parent process name: ; Layer: Application Behavior Protection; API ID: 900; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:

     Thanks!
  3. I ran into this a couple of times over the last six months, and this is what I found; I'm sure it could be different for others, but I thought I would share my experiences in case it helps anyone. A malicious email was opened, and a link is clicked which prompts the user to enter O365 credentials to retrieve a document. After the credentials are provided, the document is unable to be downloaded/opened (not sure which, and I don't have access to my sandbox right now to check). At that point either a script is run or a person manually creates a rule on the O365 portal to deliver replies to the RSS Feeds folder (the more recent version of this was much more sloppy and had ALL incoming mail delivering to RSS). The rule doesn't appear in the local copy of Outlook... portal only. The script also seems to prevent Sent copies from being created. In both cases, we never found any sort of payload other than the possibility of the script being run, so this appears to be an effort to harvest email addresses. I'd imagine there are other iterations out there, but the two times I've seen this over the past six months were both basically this. I hope that helps someone!
  4. Will this build (or a patch) be pushed out any time soon with updates for Enterprise clients? I have around 300 seats using Enterprise Edition Anti-malware/Anti-exploit, a majority of which are spread out around the country using cellular hotspots... a GP-pushed update for the client is troublesome and hit or miss at best (since they aren't always authenticating to the domain and getting a group policy update), so an update via the client's built-in updater would be perfect. Thanks!!
  5. Over the last week or so I have started to get reports of a handful of issues popping up with our local and remote workstations:

     Our workstations are running Anti-Malware 1.80.1.1011 and Anti-Exploit 1.08.2.1045, are all new/newer Dell brand workstations running Windows 7 x64 with all Windows updates current and all drivers current via Dell's Command Update. Management Console version V2016.12.29.05, Updated this morning at 7:33am running on Windows Server 2008 R2

     I have around 100 licensed users right now, running both Anti-Malware and Anti-Exploit; as of right now I have 12 reports of problems, some in headquarters, some remote, and that is of course not counting the people who will click through an error and not report it to us. For the people experiencing issues, we are seeing:

       • Very, very slow startups when the workstations are first powered on; sometimes in excess of five minutes (ordinarily in the neighborhood of 60 seconds). Uninstalling the Malwarebytes suite seems to resolve this. After reinstall the problem seems to reoccur within a couple of days.
       • Outlook (2013/2016) stalls in launch indefinitely. Deleting the Outlook profile will allow Outlook to rebuild the mailbox and launch, but once Outlook has been shut down and relaunched once or twice post-profile rebuild, the issue appears again. Uninstalling the Malwarebytes suite seems to resolve this. I haven't had a chance to test a reinstall for this issue as of yet.

     Again, this seems to have become an issue around a week ago (could be a coincidence)... we are not running any of the software that is listed as known conflicts. I was looking at a couple of other posts about similar issues, and was hoping that we could make some headway on these issues without having to physically obtain log files for a dozen (or more) machines.

     Unfortunately, we also do not have the resources to repeatedly uninstall, run a clean-up utility, and then reinstall repeatedly if this problem continues to grow; please understand that I am not saying that in any way to be difficult! The entire purpose of purchasing this software suite was to minimize our need to touch each workstation to address malware related issues and infections (as would need to be done with the free version), so if for whatever reason this software suite is going to be plagued with these sort of issues that are requiring a lot of hands-on with the workstations, I don't see the sense in renewing our licenses. If we are consistently having to touch workstations to uninstall/clean-up/reinstall then we might as well stick with the free version and run manual scans via group policy and/or batch scripts with our remote software. I don't want to give up on this yet, since the Malwarebytes suite does give me some peace of mind, but I'm hoping that a solution is out there... Thank you in advance for any assistance you can provide!!!
  6. Disregard my post, I'm moving this to a new topic so as not to derail what is already going on in this thread... sorry!
  7. At this point, are we able to see anything in common with the workstations experiencing this issue? I ask because I have nearly 100 licensed users right now, and have probably 10 reporting this specific issue (some at headquarters, some remote across the country, and that isn't counting people who just click through an error and don't report it), and we don't have the resources to take the time to generate log files for each of them, so I was hoping that maybe something was standing out in common with the log files already collected... I'll be honest here, and this is not an attempt to hijack this thread, but I'm also seeing problems with Outlook startups/lack thereof (that are fixed by uninstalling Malwarebytes) and very long startup times for the workstations themselves starting maybe a week ago, again, solved again by uninstalling Malwarebytes. I'm not entirely sure at this point that we are going to budget for new licenses for the coming year, as this program suite is becoming more labor intensive than expected. I would like to stay with Malwarebytes, but I need a solution that is more than just manually uninstalling, cleaning and reinstalling each workstation that has an issue over and over again. FYI: Our workstations are running Anti-Malware 1.80.1.1011 and Anti-Exploit 1.08.2.1045, are all Dell brand running Windows 7 x64 with all Windows updates current and all drivers current via Dell's Command Update. Management Console version V2016.12.29.05, Updated this morning at 7:33am running on Windows Server 2008 R2 Thank you in advance for any help you can provide!
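
The third post above describes a rule created on the O365 side that files replies (or all incoming mail) into the RSS Feeds folder and never shows up in the local Outlook client, so it has to be hunted for in server-side records. The following is an added example, not part of the original posts: the record shape is a simplified assumption modelled on New-InboxRule/Set-InboxRule audit entries, and the sample records are constructed.

```python
# Added example: flag inbox rules that move mail into the RSS Feeds folder.
# Record shape is an assumption (simplified audit-log export); data is constructed.
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
HIDING_FOLDERS = {"rss feeds"}  # the folder named in the post
# Rule parameters that are actions or metadata; anything else counts as a condition.
NON_CONDITIONS = {"Name", "Mailbox", "Identity", "MoveToFolder", "MarkAsRead",
                  "StopProcessingRules", "Priority", "Force"}

SAMPLE_RECORDS = [  # constructed sample input
    {"CreationTime": "2017-01-10T14:02:11", "UserId": "alice@example.com",
     "Operation": "New-InboxRule", "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "SubjectContainsWords", "Value": "RE:"},
         {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"CreationTime": "2017-06-02T09:41:55", "UserId": "bob@example.com",
     "Operation": "New-InboxRule", "Parameters": [
         {"Name": "Name", "Value": "x"},
         {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"CreationTime": "2017-06-03T11:00:00", "UserId": "carol@example.com",
     "Operation": "New-InboxRule", "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "From", "Value": "news@example.org"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2017-06-03T11:05:00", "UserId": "bob@example.com",
     "Operation": "MailboxLogin", "Parameters": []},
]

def find_hiding_rules(records):
    """Return one finding per rule change that files mail into a hiding folder."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPS:
            continue
        p = {x["Name"]: x["Value"] for x in rec.get("Parameters", [])}
        # The folder may be logged as a path; compare on its last component.
        leaf = p.get("MoveToFolder", "").replace("\\", "/").rstrip("/").split("/")[-1]
        if leaf.strip().lower() not in HIDING_FOLDERS:
            continue
        conditions = sorted(set(p) - NON_CONDITIONS)
        findings.append({"user": rec.get("UserId"), "time": rec.get("CreationTime"),
                         "rule": p.get("Name"), "conditions": conditions,
                         # no conditions = every incoming message is diverted
                         "scope": "filtered" if conditions else "all-mail"})
    return findings

if __name__ == "__main__":
    for finding in find_hiding_rules(SAMPLE_RECORDS):
        print(finding)
```

The "all-mail" scope corresponds to the sloppier variant mentioned in the post, where every incoming message was delivered to RSS.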