HickMan

Thanks a lot. I've tried it out and it works. Your answer was very clear and gave a helpful, sensible assessment of the risks and benefits of your recommendation.

The log file is below. In this example the call was to WinZip, but it does not matter what program is being opened - calls to Microsoft Word and Serif PhotoPlus resulted in identical behaviour. Log File: de375520-2417-11ec-b072-b4b686b8278f.json -Software Information- Version: 4.4.7.134 Components Version: 1.0.1464 Update Package Version: 1.0.45532 Licence: Premium -System Information- OS: Windows 10 (Build 19042.1237) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files (X86)\WinZip\WINZIP32.EXE -a -P C:\Test\NewZipFile.zip C:\Test\1.txt, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Access Protection Layer: Application Behavior Protection Protection Technique: Exploit payload macro process blocked File Name: C:\Program Files (X86)\WinZip\WINZIP32.EXE -a -P C:\Test\NewZipFile.zip C:\Test\1.txt URL:

Using Microsoft Access Visual Basic, whenever I use the Shell command to open another program, the Real Time Exploit Protection terminates the program. There does not seem to be any way to flag the app as "allowed" with regard to Real TIme Protection (the Allow List only works for the Scanner).