DonWiss

I guess this is the relevant part: -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit Office spawning batch command blocked File Name: C:\WINDOWS\SYSTEM32\cmd.exe \c dir C:\Music\0_Rips\*.* >c:\temp.prn For MS Office I had unchecked it, but I guess I didn't test properly. I can now run the macro. Thanks for getting me to figure out how to get more details on entries in the Detection History. What is displayed is pretty minimal.

Some changes have been made to the anti-exploit. It is now shutting down my Excel 2002 when I'm trying to run a line of code in the command processor ShellAndThenWait "cmd.exe /c dir """ & d & "\*.*"" >c:\temp.prn" With ShellAndThenWait from: https://web.archive.org/web/20090201012636/http://puremis.net/excel/code/084.shtml Under Application behavior protection I tried unchecking for MS Office the boxes for Office scripting abuse prevention and Office spawning batch command prevention. That didn't work. What new was added that I have to uncheck?

Okay. This is the story. Unchecking MS Office works for Excel-365. It does not work for Excel 2002.

This is in my VBA code that I am trying to run. I'll take the risk. This all worked on Windows 7. But not when I switched to Windows 10. I followed this: Settings -> Security -> Exploit Protection -> Advanced Settings -> Application Hardening -> Disable loading of VBScript libraries -> ?? I found that MS Office was already checked. Unchecking it didn't change anything. The problem is in both Excel 2002 and Excel-365.

Attached. mbae-default.log

vbscript.dll lives in SysWOW64 and System32. It is blocking both as Malware.Exploit.Agent.Generic. I put both in the allow list, but it was blocked again. The one is System32 is 622,592 bytes. The one is SysWOW64 is 547,840 bytes.

vbscript.dll lives in SysWOW64 and System32. It is blocking both as Malware.Exploit.Agent.Generic. I put both in the allow list, but it was blocked again. The one is System32 is 622,592 bytes. The one is SysWOW64 is 547,840 bytes

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/29/21 Protection Event Time: 6:58 PM Log File: d231a038-628d-11eb-bf41-0c7a15d60465.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1146 Update Package Version: 1.0.36419 License: Premium -System Information- OS: Windows 10 (Build 19041.746) CPU: x64 File System: NTFS User: System -Ransomware Details- Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) File: 1 Malware.Ransom.Agent.Generic, C:\APLWIN72\aplw.exe, Blocked, 0, 392685, 0.0.0, efad6f0c4f434f4119f3042b4cd2955b, 4ae86b4af8009072edb2f9eae56df433d3a1917726684e045df6e8c80ac013bd (end)

I have MalwareBytes shut down. Will it update when shut down? I doubt it. If I start it, will the update happened right away?

Don't uninstall. Open MalwareBytes. Go to Settings along the left. Go to second tab: Protection. Scroll down to Start up options. Turn off the first one that starts MalwareBytes upon startup. Reboot.

Much simpler to open MalwareBytes. Go to Settings along the left. Go to second tab: Protection. Scroll down to Start up options. Turn off the first one that starts MalwareBytes upon startup. Reboot.

Don't uninstall. Open MalwareBytes. Go to Settings along the left. Go to second tab: Protection. Scroll down to Start up options. Turn off the first one that starts MalwareBytes upon startup. Reboot.

I'm waiting for it to hit the home page of The New York Times, Washington Post, etc. MalwareBytes must have many millions of users. All now with PCs barely working. Most users will be too clueless to know what is wrong. There is only one correct fix. Open MalwareBytes. Go to Settings along the left. Go to second tab: Protection. Scroll down to Start up options. Turn off the first one that starts MalwareBytes upon startup. Reboot.

The program updates itself. Yours was automatically updated a few hours ago.

There is only one correct fix. Open MalwareBytes. Go to Settings along the left. Go to second tab: Protection. Scroll down to Start up options. Turn off the first one that starts MalwareBytes upon startup. Reboot.