Hi all,
I am trying to figure out if this is a false positive on a bad rule or my Excel is infected. All I did to trigger this was download a CSV (not xlsx) from my bank's account portal and open it with Excel. My bank is extremely reputable and known world-wide; aka this was not a download from a sketchy site.
I am leaning towards a bad rule as the executable splwow64.exe is the print spooler which makes me think of the PrintNightmare vulnerability a couple months ago.
Exploit: 1
Malware.Exploit.Agent - Exploit payload process blocked, C:\WINDOWS\splwow64.exe C:\WINDOWS\splwow64.exe 8192, Blocked, 0, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\splwow64.exe C:\WINDOWS\splwow64.exe 8192
I have run a Malwarebytes scan and Win Defender on Excel and there is nothing suspicious about the file nor my Excel. Please note, my allow list is empty.
May I get some assistance please? Attached are the detection results.
-System Information-
OS: Windows 10 (Build 19043.1415)
CPU: x64
File System: NTFS
User: System
FPonsplwow64.txt