d4005

Oh cool. Thanks.

Allowing the batch file didn't work. Allowing powershell didn't work. You'd think that a powershell command in a batch file causing MB to complain about exploits would be satisfied by both of them on the allow list. Seems not.

That seems even more extreme than what I've done. I've added powershell.exe to the allow list. It remains to be seen if that's helped because it takes hours (hundreds of executions of the script) to find out if MalwareBytes is going to stop interrupting that script. If it does help, I'll try removing it from the allow list once a month - maybe MB will decide it was a step too far, stopping powershell from doing a fairly straight forward command. I'm sure lots of people will complain and lots of programs will no longer be able to do basic things.

I've got a batch file that runs continuously while my Windows 11 machine is on and it's recently (last 2-3 days) started getting this exploit warning which stops the batch file from running. The strange thing is that it runs around twice a minute doing the same things but it's only once or twice a day that MalwareBytes decides it doesn't like what it's doing and stops it. The batch file is looking in a directory for some filenames and if it finds them, it "processes" their filenames by replacing certain characters and then moving them to another folder. It's the renaming of the filenames that's causing MB to to halt the batch file. Here is an example of one of the commands (this one removes exclamation marks from the filenames): PowerShell.exe -Command "dir *.m* | Rename-Item -NewName { $_.name -replace '!',''}" I've tried adding the batch file name to the allow list but that didn't help. It's not the batch file it's unhappy with, it's the individual commands within the batch file. I think if I were to add powershell.exe to the allow list that might work, but if powershell has the power to "do bad things" then it's probably unsafe to do that. Any ideas? Maybe I can add the full command line (PowerShell.exe -Command "dir *.m* | Rename-Item -NewName { $_.name -replace '!',''}") and each of the other commands I do to the allow list, but I'm not sure if the allow list takes command parameters into account. I might find that I'm just adding powershell.exe ten times.

There was an answer on here:

Disabling RTP until a solution appears.

I've seen this answer but it's nearly a year old, so I'm hoping there's a solution since then. I want my real time protection and I want to be notified if MB finds anything. What I don't want is a permanent 'm' icon in the notification bar. Every time I look at my phone I think I've got an email. It's very similar to the Gmail icon. In that answer above it mentions that Google requires an icon to be there is something is running in the background. So why don't I have an icon for Whatsapp? Why don't I have one for Tasker? Why don't I have one for the two separate weather warning apps I have? Then there's a Corona app, ok, I'll stop listing the dozens of apps I've got that "run in the background" but don't feel that they have to provide me with a permanent notification bar icon. Surely just turning it on by default but letting people turn it off if they choose to satisfies Google's suggestions.

😎😎😎

Thanks for that clarification. The popups don't bother me, I only use Vuze for about 10 minutes, two or three times a week. I definitely don't want to exclude Vuze from full protection. There's always a chance that some of the people I'm connected to have malware that tries to infect any machine it's detecting via Vuze. Also, I'm only downloading the occasional TV show, so no executables.

During normal computer usage I never see this, but when I run Vuze (aka Azureus), I'll see it pop up a few times. I have no problem seeing it, I'm happy that MB has protected me and would have it no other way, you guys rock. My question is what has actually happened to cause this popup. I suspect it's either that you've actively detected some malware intrusion attempt and stopped it happening before it could do any damage, or what I think is more likely ... you've detected my machine has a network dialog to an IP address or Domain that you've got on a blacklist due to research or reports of it having been infected. The latter option meaning that before any malware even would get the chance to try something, if the remote machine is still infected, you've blocked it before it got a chance. If these particular blocks are solely from a blacklist, does that mean that malware bytes can't actively detect attempts at intrusion and it's only ever working to block traffic from a blacklist? Or are there other MB modules/processes that are actively monitoring attempts to install software, overwrite DLL's, inject things into the startup sequence, etc?