Posts posted by soldieroffortune

  1. Yes, as I wrote, disabling the exploit protection "fixes" the issue. But it's not really a fix, as it leaves my computer theoretically vulnerable. I run these tools and scripts many times a day, so I would have to permanently uncheck the "exploit protection on" in order to be able to do what I need to do. This is not a workable long-term solution.

    As someone who's used Malwarebytes for 10+ years or so, I have to say that Malwarebytes is EXTREMELY confusing. The whole process of white-listing an application or a script is a disaster, at least for my specific use case.

    1) The GUI contradicts itself. Exploits are shown in the History tab, but then in the Allow section the GUI says no prior exploits (?!)
    2) Explicitly allowing a program/script doesn't appear to change anything either. Malwarebytes still complains about the program which was explicitly added to the "allow" list (?!)
    3) The same script is allowed to run if I type the command manually in the command prompt, but it is not allowed to run if triggered by MS Excel (?!)

    Can you help me make some sense out of all this?

  2. After I reset the settings, it now complains about Excel spawning batch commands. I was able to bypass this complaint in the past by changing some settings related to MS Office, but now that I reset them, it's complaining about it again.


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 4/10/2024
    Protection Event Time: 12:46 AM
    Log File: 51fe2292-f6f5-11ee-9c4f-8cc84b0ed3a0.json

    -Software Information-
    Version: 5.1.2.109
    Components Version: 1.0.1207
    Update Package Version: 1.0.83259
    License: Premium

    -System Information-
    OS: Windows 11 (Build 22621.3447)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Exploit.OfficeSpawningBatchCommands, C:\WINDOWS\SYSTEM32\cmd.exe \k python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py %homepath%\Desktop\, Blocked, 725, 392684, 0.0.0, , 

    -Exploit Data-
    Affected Application: Microsoft Office Excel
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit Office spawning batch command blocked
    File Name: C:\WINDOWS\SYSTEM32\cmd.exe \k python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py %homepath%\Desktop\
    URL: 

    (end)

  3. The log doesn't have much more in it than what I described above:


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 4/10/2024
    Protection Event Time: 12:34 AM
    Log File: 8e17016a-f6f3-11ee-a983-8cc84b0ed3a0.json

    -Software Information-
    Version: 5.1.2.109
    Components Version: 1.0.1207
    Update Package Version: 1.0.83257
    License: Premium

    -System Information-
    OS: Windows 11 (Build 22621.3447)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Exploit.PayloadProcessBlock, C:\Users\userxyz\AppData\Local\Programs\Python\Python312\python.exe python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py \Users\userxyz\Desktop\, Blocked, 701, 392684, 0.0.0, , 

    -Exploit Data-
    Affected Application: cmd
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit payload process blocked
    File Name: C:\Users\userxyz\AppData\Local\Programs\Python\Python312\python.exe python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py \Users\userxyz\Desktop\
    URL: 

    (end)

  4. I'm running Malwarebytes 5.1.2. This issue has been driving me nuts. I've written a Python script which gets launched from an Excel spreadsheet when a user clicks a button in the spreadsheet. The Excel VBA code launches a Windows command prompt that executes a Python script which I wrote myself and is 100% legit. The command invoked is this: "cmd /k python \\my-nas-path\path-to-script\script.py"

    But Malwarebytes blocks my desired workflow from executing. In the History I see "RTP Detection", and in the details it shows "Exploit payload process blocked" and the Layer says "Application Behavior Protection". I've tried adding to the "allow list" the folder where my Python script resides and the python.exe executable. This doesn't change anything; Malwarebytes still blocks my script from executing. Further to this, if I try to add an item to the "allow list" by selecting "previously detected exploit", the Malwarebytes GUI doesn't show any previously detected exploits. They appear in the History tab, but they don't appear in the "previously detected exploits" section when trying to add something to the "Allow List".

    To make matters even more confusing, if I actually type "cmd /k python \\my-nas-path\path-to-script\script.py" in the command prompt in Windows, my script is allowed to run. But if the identical command is executed via clicking on an Excel button, then Malwarebytes complains.

    One way I can get my script to run when launched via Excel is if I uncheck "Exploit protection" in Malwarebytes. But I don't want to disable all exploit protection. I just want to tell Malwarebytes that this particular script, when launched via an Excel button click, is OK to run. There is nothing unsafe about it; I wrote the script myself.

    So how can I "whitelist" this so that Malwarebytes doesn't complain about it?
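Added example, not part of the original posts and not Malwarebytes code: a small parser for the text log exports quoted above that lists each block as a launcher-to-launched pair. It assumes "Affected Application" names the launching program and "File Name" the blocked command line, which is a reading of these two logs rather than documented Malwarebytes semantics; the function names are hypothetical.

```python
import ntpath
import re

# Abridged from the two protection logs quoted in the posts above.
SAMPLE_LOGS = r"""
Protection Event Time: 12:34 AM
Exploit.PayloadProcessBlock, C:\Users\userxyz\AppData\Local\Programs\Python\Python312\python.exe python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py \Users\userxyz\Desktop\, Blocked, 701, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: cmd
Protection Technique: Exploit payload process blocked
File Name: C:\Users\userxyz\AppData\Local\Programs\Python\Python312\python.exe python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py \Users\userxyz\Desktop\
(end)
Protection Event Time: 12:46 AM
Exploit.OfficeSpawningBatchCommands, C:\WINDOWS\SYSTEM32\cmd.exe \k python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py %homepath%\Desktop\, Blocked, 725, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Technique: Exploit Office spawning batch command blocked
File Name: C:\WINDOWS\SYSTEM32\cmd.exe \k python \syn-nas-2\storage\config-files\windows\scripts-and-tools\msmoney\qfxtomoney.py %homepath%\Desktop\
(end)
"""

def parse_records(text):
    """Split an export on its '(end)' markers and pull out the labelled fields."""
    records = []
    for chunk in text.split("(end)"):
        name = re.search(r"^\s*(Exploit\.\w+),", chunk, re.M)
        if not name:
            continue  # trailing text after the last record
        when = re.search(r"Protection Event Time:\s*(.+)", chunk)
        data = {}
        for line in chunk.partition("-Exploit Data-")[2].splitlines():
            key, sep, value = line.strip().partition(": ")
            if sep:  # lines with an empty value (e.g. "URL:") are skipped
                data[key] = value.strip()
        records.append({"time": when.group(1).strip() if when else None,
                        "detection": name.group(1), "data": data})
    return records

def spawn_chain(records):
    """Return (time, launcher, launched executable, detection) per record."""
    chain = []
    for r in records:
        # First token of the command line is the executable that was blocked.
        exe = ntpath.basename(r["data"]["File Name"].split()[0])
        chain.append((r["time"], r["data"]["Affected Application"],
                      exe, r["detection"]))
    return chain

if __name__ == "__main__":
    for row in spawn_chain(parse_records(SAMPLE_LOGS)):
        print(" | ".join(row))
```

Run over these two logs, it shows the block moving from the cmd-to-python.exe step to the Excel-to-cmd.exe step after the settings reset; both detections name the launching application, not the script's folder.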
