Jump to content

jkpieterse

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by jkpieterse

  1. OK, thanks. I wonder: What precisely makes this setting flag my add-in as unsafe? Perhaps I can modify the code to avoid the problem to begin with?
  2. Hi, Here to report a false positive on an Excel add-in I sell (attached, the xlam file in the zip). I update this file about 10 times a year and pretty regularly it is flagged as malware and removed by MalwareBytes (the only AV software I get these reports on). Can this be remedied please? I'm loosing customers on this. RefTreeAnalyserXL.zip
  3. I'm (again) reporting a false positive on the exploit detection. Here's the relevant part of the MalwareBytes log: -------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/12/23 Protection Event Time: 8:55 PM Log File: 0a64df22-c0bc-11ed-86bc-d8bbc14ee46c.json -Software Information- Version: 4.5.24.248 Components Version: 1.0.1944 Update Package Version: 1.0.66603 License: Premium -System Information- OS: Windows 11 (Build 22621.1344) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Exploit.HeapMemoryCodeExecution, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Malicious Memory Protection Protection Technique: Exploit code executing from Heap memory blocked File Name: URL: https://jkp-ads.com/downloa/downloadscript.asp?filename=RefTreeAnalyserXL.xlam (end) --------------------------------
  4. It was disabled, as per your screen-shot.
  5. My customer got back to me: " As I thought, the "Application Hardening" options were left as-is, i.e. I have not changed the defaults. Here is a screenshot from before I clicked "Restore Defaults", followed by the same options screen after clicking "Restore Defaults" and "Apply" <SEE ATTACHED SCREENSHOT> No change, no difference. And here is a log of the actual block event: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/8/23 Protection Event Time: 8:15 PM Log File: 18c770e6-a791-11ed-bd2b-d8bbc14ee46c.json -Software Information- Version: 4.5.21.231 Components Version: 1.0.1890 Update Package Version: 1.0.65440 License: Premium -System Information- OS: Windows 11 (Build 22621.1194) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Exploit.HeapMemoryCodeExecution, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Malicious Memory Protection Protection Technique: Exploit code executing from Heap memory blocked File Name: URL: https://jkp-ads.com/downloa/downloadscript.asp?filename=RefTreeAnalyserXL.xlam "
  6. Hi @Porthos Thanks for responding. I'll inform the user accordingly. Will revert if I hear anything back from him.
  7. It seems the automatic update mechanism of my Microsoft Excel RefTreeAnalyser VBA add-in triggers an exploit (see screenshot). The tool in question can be downloaded directly from here: https://jkp-ads.com/downloadscript.asp?filename=RefTreeAnalyserXL.zip
  8. I'd love to, but this is a file many people download and I just received this email message (redacted to remove privacy-sensitive information).
  9. Hi, I've had a user report that malwarebytes triggers a virus warning on this download: https://jkp-ads.com/downloadscript.asp?filename=reftreeanalyserxl.xlam The file does not contain any malware.
  10. Hi there, My site seems to trigger warnings on Malwarebytes. The user who contacted me tried to access this page: https://www.jkp-ads.com/articles/Excel2007TablesVBA.asp stating the site was blocked because of a trojan. I'm positive there isn't any problem with my website. Now what?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.