Rbuck117

  1. Multiple alerts; usually a machine will flag 2-3 programs (Word, Excel, Acrobat, Foxit), then after those 2-3 alerts nothing else. Application behavior protection: Unauthorized attempt to unload protection detected.
  2. Thanks for the confirmation Malwarebytes!
  3. Reaching out to see if others are having a similar issue. We just started getting heavy E-mail notifications on an apparent backdoor Trojan on ace.dll for Adobe Acrobat. (C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\ACE.dll) My first reaction is that this is a false positive due to how many machines we're getting notified are infected. Anyone else getting these notifications?
  4. Directly from support to me. I've sent them over what I had already. If I had to take a guess I would say this isn't affecting a large number of Malwarebytes' customers as they usually have these types of issues resolved rather quickly. (We may be in for the long haul on this one.)
  5. UPDATE: Per Malwarebytes Support - We apologize for the inconvenience caused. You can disable the "Memory patch hijacking protection" from PDF Readers as you did for the MS Office from the management console. Policy -> Edit -> Anti-Exploit -> Advanced. See screenshot attached. Also, ultimately, you can disable the shield for those applications completely from the Anti-Exploit tab within the Edit Policy window. You can uncheck the box for the appropriate Profile/Application Name. See screenshot attached. Also, we appreciate you taking the time to collect the debug logs and request that you please provide us with FRST (Run Farbar Recovery Scan Tool to gather logs) logs as they are necessary to carry out the investigation to the root cause of this issue. Still no resolution at this time. Also, sounds like there are some issues w/ PDF readers in addition to MS Office. I'll keep everyone posted as soon as I hear anything else.
  6. I have been disabling memory patch hijacking protection on my endpoints on a per-case basis. As of this morning, I'm still receiving alerts. I have e-mailed Malwarebytes support for an update this morning; I'll keep you guys posted if I hear anything back.
  7. Per Malwarebytes support: We are currently getting reports of this block and our development is currently working on a resolution. “Block”/Error Message: Protection against OS Security Bypass/Process hollowing protection. When I chatted w/ Malwarebytes support they indicated that a recent update to Anti-Exploit has been causing false positives, specifically w/ Office programs. The temporary workaround is to disable memory patch hijacking protection on the agent(s) (server-side). I have not been updated on a resolution since. Hope it helps!