Pharaohs

Posts posted by Pharaohs

  1. Thanks shadowwar, 

    In general, is there a best practice for configuring MBAM to work with Steam? I would imagine a significant percentage of MBAM customers use that software but I'm having trouble finding data on it (particularly for MBAM 3+). Steam does use a Chromium build as its web browser overlay while running games or watching media - and it's a full-fledged browser without extension support -- so vulnerable to JavaScript exploits, etc. It's tricky though because it also has Anti-Cheating mechanisms that may or may not work with MBAM's hooks. It also constantly installs Visual Studio Redistribs and DirectX so that might be False-Positive hell. 

    Any ideas? Or could you point me in a good direction where this has been discussed?

  2. I'll get the logs but here are the files in question. Note: scanning didn't turn up anything; only upon executing it for its initial launch does it trigger a Generic Exploit alert. (Which is why I was wondering if I should change or remove the steam protection in mbam - due to its nature of installing DirectX and Microsoft Redistribs)

    EDIT: The file's too large, going to PM it to you.

  3.  

    6 hours ago, Porthos said:

    Even if you did add the exclusion it will not be honored on any drive but the main drive. (Bug)

    I'm not sure I follow. Was I not clear in my original post? Are you saying it is a false positive and I should create an exclusion (even though it won't work due to a bug)? I'd basically like to know if I had steam + steam components configured correctly in MBAM application settings AND/OR if the exploit warning is anything to worry about...

  4. Hello,
    For starters I wanted to know if it's advisable to add the steam.exe and steamwebhelper.exe to the list of protected applications in MBAM Premium real-time protection list. I did just that and added steam as a "media player" (??) and steamwebhelper.exe as a Chromium based browser. Last night I purchased Nier: Automata and upon executing it for the first time (triggering its install process) MBAM blocked the nierautomata.exe saying it was a generic exploit agent. Subsequent attempts after verifying the game's integrity reproduce the same behavior.
    Most importantly I would like to know if adding STEAM and STEAMWEBHELPER to the protected applications list, as I have, is recommended -- or should I change the program type from MEDIA PLAYER to OTHER? If not a config issue then perhaps I'm just reporting a false positive. (I hope)
    How should I proceed?

    Here are the two relevant log notes:
    -Software Information-
    Version: 3.2.2.2029
    Components Version: 1.0.188
    Update Package Version: 1.0.2903
    License: Premium
    -System Information-
    OS: Windows 10 (Build 15063.632)
    CPU: x64
    File System: NTFS
    User: System
    -Exploit Details-
    File: 0
    (No malicious items detected)
    Exploit: 1
    Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0
    -Exploit Data-
    Affected Application: steam
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit payload file blocked
    File Name: D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
    URL:

    -Software Information-
    Version: 3.2.2.2029
    Components Version: 1.0.188
    Update Package Version: 1.0.2903
    License: Premium
    -System Information-
    OS: Windows 10 (Build 15063.632)
    CPU: x64
    File System: NTFS
    User: System
    -Exploit Details-
    File: 1
    Malware.Exploit.Agent.Generic, D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe, Quarantined, [0], [392684],0.0.0
    Exploit: 0
    (No malicious items detected)