Jump to content

craigspi

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Starting last night my Office apps all have been blocked and terminated due to "exploit payload process being blocked" I have run full scans with multiple tools and have not found any malware. See logs below. I am using MWB Premium version 4.2.1.89. As a possible solution under advanced options I "restored defaults" and disabled pentation testing attacks. It appears to have solved the issue, though I am not comfortable disabling pen testing. Has anyone else observed this issue? -Log Details- Protection Event Date: 10/9/20 Protection Event Time: 10:35 AM Log File: d4b32d94-0a55-11eb-a2a8-f06e0bd200d3.json -Software Information- Version: 4.2.1.89 Components Version: 1.0.1061 Update Package Version: 1.0.31054 License: Premium -System Information- OS: Windows 10 (Build 19041.508) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit payload macro process blocked File Name: URL: outlook-malware.txt
  2. I have been having the same issue. I can open the Office apps and create a new doc, but if I save the doc or open an existing doc, MWB closed the apps and pops up a warning "exploit payload macros process. The logs show the following -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit payload macro process blocked File Name: URL: for outlook the log is -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Outlook Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\GIFIMP32.FLT URL:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.