MarkMauger

Oh, and yes, turning off protection for the Microsoft Access application also works for our application.

I did a little more digging and found out what is really happening. It has nothing to do with the StartAccess5_2013.exe program. In the startup of our Access database, we run some VBA code that includes the VBA ""Shell" command to run StartAccess5_2013.exe to perform a particular function. It turns out it is the use of the Shell command that is triggering the exploit. If I go into Settings, Security, Exploit Protection, Advanced Settings, Application Behavior Protection, then uncheck Office VBA7 abuse protection under MS Office, it fixes the problem. It doesn't matter if I shell out to Notepad.exe, it gets blocked unless I uncheck this setting. Or I can go through adding the exploit to the allow list so it doesn't get blocked anymore. So this means any Office VBA developer that has an application they distribute to users/customers is going to be flooded with calls just because they use the Shell command. It doesn't matter what they are running, just the fact that they use the Shell command from VBA in an Office app. Ours is from MS Access and we have thousands of customers that have our program installed. This seems to be a recent change by Malwarebytes that triggered this mess. I have always been a fan of Malwarebytes, but this seems extreme. From your point of view it might seem like an easy fix, but this is going to damage our reputation as a software vendor and cause a lot of pain for our customers and our company in terms of support. I hope someone can take a closer look at this and not punish software developers for using the Shell command or customers for using Malwarebytes.

Some more information... Here is an example of the exploit detection information in Malwarebytes. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/30/21 Protection Event Time: 9:58 AM Log File: 5ac9ba8a-099a-11ec-9f75-6002922a5051.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44477 License: Premium -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\ProgramData\Quantum Project Manager 20.0 Test\StartAccess5_2013.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Access Protection Layer: Application Behavior Protection Protection Technique: Exploit payload file blocked File Name: C:\ProgramData\Quantum Project Manager 20.0 Test\StartAccess5_2013.exe URL: (end)

We have a commercial software program called Quantum Project Manager that uses the Microsoft Access runtime and have been selling and supporting this for many years. We use a program we purchased from SageKey Software several years ago to launch Microsoft Access in a way that avoids MS Office reconfiguration messages. It is called StartAccess5_2013.exe (for Access 2013) or StartAccess5_2007.exe (for Access 2007) and this is on the target line for the shortcut to launch or program. Recently, an update to MalwareBytes for Windows has been flagging this as an exploit and Quarantining this file so our program will not start. We have to restore it from quarantine and then add the exploit to the allow list. Then everything works ok. Needsless to say this is causing a lot of support calls to our help desk and a lot of problems with our customer base. How can I get these two programs added to some master exception list to stop this whole situation from continuing?