bhabel

Thank you

Would you be able to check this install media? InternationalPrimoPDF 050815.exe – PUP.Optional.OPENCandy InternationalPrimoPDF042712.exe – PUP.Optional.OPENCandy \AppData\Local\Temp\nseE698.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken. [c9c3073a6d4c90a6be29bdb950b32fd1] MBAM-log-2018-11-06 (08-38-17).txt Primo.zip

thank you

Exploit payload file blocked BLOCK C:\Users\****\AppData\Local\Temp\vlc-3.0.4-win32.exe **** VLC Player C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Attacked application: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe; Parent process name: SpillmanClient.exe; Layer: Application Behavior Protection; API ID: 205; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: Malwarebytes Management Console > Policy > ***** (Default) > Right Click > Edit > Anti-Exploit > Advanced > Application Behavior Protection We do not have Application Behavior Protection enabled for Media Players. Object Scanned: C:\users\****\AppData\Local\vlc-3.0.4-win32.exe I can't add the scanned object to Anti-Exploit Exclusion List: Selected threat does not contain a valid payload checksum, it cannot be added into exclusion list. The alert only occurs if we try to pay a video from the Spillman application with VLC. Playing the videos directly does not seem to be affected. This issue started after the update on 9/20/2018.

Howdy Arthi, any updates on this? It is being flagged by Malwarebytes Anti-Exploit.

We are still receiving alerts that VLC 3.0.4 is being blocked. Exploit payload process blocked BLOCK C:\Users\****\AppData\Local\Temp\vlc-3.0.4-win32.exe **** VLC Player C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Attacked application: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe; Parent process name: SpillmanClient.exe; Layer: Application Behavior Protection; API ID: 205; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: Exploit payload file blocked BLOCK C:\Users\***\AppData\Local\Temp\vlc-3.0.4-win32.exe **** VLC Player C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Attacked application: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe; Parent process name: SpillmanClient.exe; Layer: Application Behavior Protection; API ID: 205; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:

VLC is still being flagged. vlc-3.0.4-win32.exe vlc-3.0.4-win64.exe Exploit payload process blocked BLOCK C:\Users\jhay\AppData\Local\Temp\vlc-3.0.4-win32.exe jhay VLC Player C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Attacked application: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe; Parent process name: SpillmanClient.exe; Layer: Application Behavior Protection; API ID: 205; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: Exploit payload file blocked BLOCK C:\Users\jhay\AppData\Local\Temp\vlc-3.0.4-win32.exe jhay VLC Player C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Attacked application: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe; Parent process name: SpillmanClient.exe; Layer: Application Behavior Protection; API ID: 205; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra: Let me know what you need

Atribune, our management server still hasn't gotten v2018.08.31.05 yet.

Express Scribe essetup.exe is being flagged as Adware.DLAssistant.Generic Database Version v2018.08.31.04 MBAM-log-2018-08-31 (13-07-25).txt False Positive.zip

Password Safe Version 3.17 pws_at.dll is being flagged as Adware.DLAssistant.Generic Database Version v2018.08.31.04 False Positive.zip MBAM-log-2018-08-31 (12-45-41).txt

Is this list of known issues still current? Malwarebytes Management Console 1.8.1 Malwarebytes Anti-Malware for Business 1.80.2 Malwarebytes Anti-Exploit for Business 1.12.2.90

Just to clarify, this means uninstall then reinstall correct?

Is this still an outstanding issue with MBAM 1.80.2 and Kaspersky? https://support.malwarebytes.com/docs/DOC-2324

Can you quantify "excessive"?

Thanks, my confusion was the line " To mitigate delays, reinstall your managed clients". I wasn't sure if this meant uninstall then reinstall or simple push the client install and it would upgrade the version.