kentgorrell

Could you dev team think about providing a bit more feedback on exploit blocks, In this case the Report tells us the application and Location and Techinque: Exploit payload process blocked; Layer: Application Behavior Protection; Exploit: Malware.Exploit.Agent.Generic but no mention of the security option involved - in this case: Office scripting abuse prevention Could they add a section to the Exploit Block Report that had something like - If you do not want to block this potent exploit in future go to Exploit Protection > Advanced settings where you can change your setting for "Office scripting abuse prevention"

I don't suppose there were release notes to inform users of these changes but you would at least think that they might inform support staff. May I suggest an email to, at least premium users, just before a new version is unleashed on the unsuspecting. In this case a headline in the email or release notes like "If you use Office Automation (VBA or Macros in Office Applications), please note the following..." I can see why you might want to block VBA from opening a file but... I'm not entirely sure that there is a business case for blocking a VBA script from simply opening a folder. Maybe they need to get a bit more granular on what they block. Preferably before they implement a new technique. Just think about how much time it takes each user to work out what's happened then multiply that by the number of users affected. Otherwise, I'm pretty happy with MalwareBytes and recommend it to my clients.

Well, there are two posibilities, either - installing the new version changed this option from false to true or there is a change to how the new version implements this option do you have any detailed documentation on this option or indeed all options? some option names are not very descriptive and it would be good if you could click on an option and be taken to a page that explained its effect. maybe even a list of default settings and an explanation of why each is either set to true or false. Even just a "Recommended" next to settings to identify them as default to true.

Office scripting abuse prevention is the offending setting

This has been working OK for years, problem only arose after installing the new version of MalwareBytes. why would I set Exploit settings back to default? what other things would this affect? Can you be specific on which settings may be causing this issue? Under MS Office - we have options checked for Malicious LoadLibrary prevention Office WMI abuse prevention Office VBA7 abuse prevention Office VBD7 abuse prevention Office scripting abuse prevention etc. could it be one of these? Note: in the attached file, the exclusions shown were added after this issue arose. mbst-grab-results.zip

This issue has just started with the new version of MalwareBytes install yesterday. I often use VBA in MS Access to open a folder (or file). Shell "C:\WINDOWS\explorer.exe """ & strFolder & "", vbNormalFocuslms-crash-course-metrics-analytics-refresh.pdf I can't see how to allow allow this. I've tried adding C:\WIndows\explorer.exe and the specified folder to the Allow list but the call is still being blocked. see attached Report MalwareBytes Access Block.txt

This issue has just started with the new version of MalwareBytes install yesterday. I often use VBA in MS Access to open a folder (or file). I can't see how to allow allow this. I've tried adding C:\WIndows\explorer.exe and the specified folder to the Allow list but the call is still being blocked. see attached Report MalwareBytes Access Block.txt