Jump to content

esheldon

Members
  • Posts

    8
  • Joined

  • Last visited

Posts posted by esheldon

  1. Have a few users that are unable to save documents in various Office applications due to MBAE it looks like.  Here's one user's event log info when he tries to save a spreadsheet in Excel:

    Faulting application name: EXCEL.EXE, version: 16.0.9126.2336, time stamp: 0x5c078f5f
    Faulting module name: mbae64.dll, version: 1.9.2.1291, time stamp: 0x58512128
    Exception code: 0xc0000409
    Fault offset: 0x0000000000034bdb
    Faulting process id: 0x2588
    Faulting application start time: 0x01d4acf1377138ed
    Faulting application path: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
    Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
    Report Id: 5c801e01-b35e-4fc0-b54e-e60a58e6146d
    Faulting package full name:
    Faulting package-relative application ID:
    Fault bucket 1939379432757964537, type 5
    Event Name: BEX64
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: EXCEL.EXE
    P2: 16.0.9126.2336
    P3: 5c078f5f
    P4: mbae64.dll
    P5: 1.9.2.1291
    P6: 58512128
    P7: 0000000000034bdb
    P8: c0000409
    P9: 0000000000000005
    P10:

    Attached files:
    \\?\C:\Users\epickens\AppData\Local\Temp\{63CB8CD7-9174-46FB-B23B-58CEF6CA0FFF} - OProcSessId.dat
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B9F.tmp.dmp
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D84.tmp.WERInternalMetadata.xml
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DC3.tmp.xml
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DC1.tmp.csv
    \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DD2.tmp.txt

    These files may be available here:
    \\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_d7979f707af2e445c88b5c13276953f348ab4b_1d62facc_2e959fc5

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: 5c801e01-b35e-4fc0-b54e-e60a58e6146d
    Report Status: 268435456
    Hashed bucket: 75c642ca409d9229aaea0f519e3caef9
    Cab Guid: 0

  2. We force our users to load our company SharePoint site as their default home page in IE.  I get notifications every day with various registry keys showing as modified per various computers.  I know they'll all be different, but how can I basically white list the entries for OUR SharePoint/home page changes, but notify me when malicious activity changes the home page to something else?

  3. This product is showing me that it's less and less of an enterprise solution.  I have checked DNS/DHCP/AD/etc, and everything shows fine.  I can ping my computer from the server fine (of which I have myself set as a static ip for the past few years).  I have rebooted the MBAM server.  I have updated the console to the latest version.  Yet, the MBAM software can't see my computer.  Showing network path not found.  

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.