Joe_8000

Sorry, for not responding. I could not find a support link on Malwarebytes website and eventually ended up here in the forums. But after posting here I finally was able to contact their support using their chat bot. They did respond that this is a false positive and the way to avoid it is in \Settings\Security\Exploit Protection\Manage Protected Applications\, and to unselect Microsoft Access instead of trying to make an exception for the DLL itself. This seems to have worked. Hopefully they will fix the false positive at some point.

Our company uses an application created with Microsoft Access. It loads drivers for a scanner. MWB blocks the scanner driver every time it is accessed. I have tried to allow both the indicated file and the folder with no luck. I have also scanned the indicated DLL at the virus total website and it was not detected as a threat. The folder the file appears in is the \appdata\local\temp\ folder. This is speculation on my part but it seams that when Microsoft Access loads the driver, a copy is made of the original driver and then placed in the users temp folder . This copy has a different name than the original DLL. I have also tried excluding the source DLL with no luck. If I look at MWB history, the temp file is listed many times, each with a different hash. I have also tried allowing all the different previously detected copies in MWB with no luck. My guess is the MWB is detecting this in memory each time Access loads it and I have not found a way to prevent this. Any help is appreciated.