Jump to content

craigspi

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by craigspi

  1. Starting last night my Office apps all have been blocked and terminated due to "exploit payload process being blocked" I have run full scans with multiple tools and have not found any malware. See logs below. I am using MWB Premium version 4.2.1.89. As a possible solution under advanced options I "restored defaults" and disabled pentation testing attacks. It appears to have solved the issue, though I am not comfortable disabling pen testing. Has anyone else observed this issue? -Log Details- Protection Event Date: 10/9/20 Protection Event Time: 10:35 AM Log File: d4b32d94-0a55-11eb-a2a8-f06e0bd200d3.json -Software Information- Version: 4.2.1.89 Components Version: 1.0.1061 Update Package Version: 1.0.31054 License: Premium -System Information- OS: Windows 10 (Build 19041.508) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit payload macro process blocked File Name: URL: outlook-malware.txt
  2. I have been having the same issue. I can open the Office apps and create a new doc, but if I save the doc or open an existing doc, MWB closed the apps and pops up a warning "exploit payload macros process. The logs show the following -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit payload macro process blocked File Name: URL: for outlook the log is -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Outlook Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13231.20262.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\GIFIMP32.FLT URL:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.