maxamillion

Hi, I came back today to see if there was any info on this topic. I have included the zip file as requested. TIA mbst-grab-results.zip

I use mkvirtualenv https://virtualenvwrapper.readthedocs.io/en/latest/command_ref.html to create virtual environments for Python development. mkvirtualenv creates a symbolic link to python to the environment folder when creating the environment. I have tried adding the file (symbolic link) to the ignore list but this has no effect. If I replace the symbolic link with the real file I have no further problems, but this defeats the purpose of the Virtual Environment. The only other option is to turn of Exploit Protection in fact I usually just Quit Malware bytes completely. 'Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , ' Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/7/21 Protection Event Time: 3:11 PM Log File: 0afb2eb6-0f9a-11ec-92ea-08d40cec9aa4.json -Software Information- Version: 4.4.4.126 Components Version: 1.0.1413 Update Package Version: 1.0.44716 License: Premium -System Information- OS: Windows 10 (Build 19043.1202) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: C:\Users\xxxxx\Envs\sensorenv\Scripts\python.exe Protection Layer: APT Behavior Protection Protection Technique: T1003 - Credential Access File Name: URL: (end)

Still no resolution to the problem of Python virtual environments being detected as a 'Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , ' Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/7/21 Protection Event Time: 3:11 PM Log File: 0afb2eb6-0f9a-11ec-92ea-08d40cec9aa4.json -Software Information- Version: 4.4.4.126 Components Version: 1.0.1413 Update Package Version: 1.0.44716 License: Premium -System Information- OS: Windows 10 (Build 19043.1202) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: C:\Users\xxxxx\Envs\sensorenv\Scripts\python.exe Protection Layer: APT Behavior Protection Protection Technique: T1003 - Credential Access File Name: URL: (end)

OK, Today I had false positives for the python.exe executable so I have now disabled "Exploit Protection"

Exploit protection has just started flagging python.exe (symlink) as an exploit when debugging in VScode. I use mkvirtualenv https://virtualenvwrapper.readthedocs.io/en/latest/command_ref.html to create virtual environments for Python development. mkvirtualenv creates a symbolic link to python to the environment folder when creating the environment. I have tried adding the file (symbolic link) to the ignore list but this has no effect. If I replace the symbolic link with the real file I have no further problems. The only other option is to turn of Exploit Protection.

Hi Ron, Thanks for the reply. Sorry for taking so long to get back, I wasn't following the thread.(I'll do better next time, promise) Attached are the two files as requested. Note this only happens on one PC. Regards Malcolm mbae-default.zip MBAMSERVICE.zip

Hi, This morning I started getting block on Adobe reader when I try to send an email. I have added AcroRd32.exe to the exception list but it makes no difference so I have had to disable anti-exploit for the time being. The error happens regardless of adobe reader DC or Adobe Reader XI TIA. expolit.txt