LydiaS

@AdvancedSetup, yes, turning off exploit protection for MS Access does the trick. I was hopeful we could find a different solution, but that works. Thanks again for all your help with this.

Thank you for your continued assistance @AdvancedSetup. Apologies for the delayed response. I am still having the issues previously discussed. I had a minor point of confusion with your most recent instructions, so here is what I did. 1) Performed the Clean reinstall of MalwareBytes using the Malwarebytes Support Tool. I was not prompted to restart the machine, but I did so anyway. A text file called "mbst-clean-results" was generated after the reinstall. 2) Gathered logs right after the machine restarted. This zip is attached and named "mbst-grab-results_afterRestart". 3) Gathered logs with default settings after launching the program that is having problems. This zip is attached and named "mbst-grab-results_defaultSettings". 4) Gathered logs after launching the program with Office VBE7 abuse prevention disabled. This zip is attached and named "mbst-grab-results_VBE7disabled". I hope what I did was sufficient to gather the information that you need. Thanks, again. mbst-grab-results_afterRestart.zip mbst-grab-results_defaultSettings.zip mbst-grab-results_VBE7disabled.zip

@AdvancedSetup I just realized that the zip I sent you earlier might not have information on the blocked clipboard exploit, but rather on a problem I had previous to that one that I had already resolved by disabling "Office VBE7 abuse prevention" under the "Application abuse prevention" tab in advanced settings. I have attached another zip. This one was run with "Office VBE7 abuse prevention" disabled so that the clipboard problem would be caught instead of the WShellScript that runs prior to the clipboard call. mbst-grab-results.zip

@AdvancedSetup The zip you requested is attached. Incidentally, I discovered another conflict with MalwareBytes during the course of events yesterday. A VB script very common to our databases that we use to compact/repair/restart MS Access is also being blocked as an exploit. But one problem at a time. I am hopeful that a solution for this clipboard problem will be a solution for that problem as well. As a temporary solution, I disable exploit protection only for MS Access in the "Manage protected applications" menu whenever I need to work on these databases (I made sure to reenable it when I followed your instructions to get the event logs). Thanks again. Looking forward to your next reply. mbst-grab-results.zip

Thank you for the response, @AdvancedSetup! Love the Kirk av.! Unchecking "Office scripting abuse prevention" did not work. I also tried unchecking each of the other checked settings listed under "MS Office" in "Application behavior protection", one at a time, with no success. My programmatic use of the clipboard is still being blocked.

I use MS Access to program small applications for private use in a small business. I updated to the latest version of MalwareBytes about half an hour ago and have been experiencing a few issues since then. The latest update seems to take issue with a utility I created to improve the functionality of some of our databases. In this utility, I execute a WShellScript (I already found the fix to stop MalwareBytes from blocking that) that uses the clipboard to grab some information on a process. MalwareBytes is blocking the utility from doing this. Disabling Exploit Protection resolves the problem, but I do not want to disable Exploit Protection entirely. Please, help. TIA. The report details on the blocked exploit are as follows: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/19/21 Protection Event Time: 9:01 AM Log File: 16e51a54-1952-11ec-99a0-4cebbd66fe46.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.45114 License: Premium -System Information- OS: Windows 10 (Build 19042.1237) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Get-Process MSACCESS).id | clip, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Access Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Get-Process MSACCESS).id | clip URL: (end)