Everything posted by Bastionpoint Technology
The fix that Rbuck117 posted appears to be the official fix. Support reported back to us that the issue was resolved, but no details on what that resolution/fix was. On the new installs of Anti-Exploit that we have done, the Memory patch hijack protection setting for Microsoft Office is unchecked by default. So we have disabled that setting in our MBAM Console. Our issue with applying the policy to our endpoints via the MBAM Console appears to have been us making too many policy changes in a short period of time.
We are seeing this too. It is affecting about 200 of our endpoints and we have been unsuccessful in pushing a new policy to our endpoints via the MBAM console to effect that change. We are having to manually touch each computer to work around this issue. We have 20+ man hours into dealing with this so far. I'm attempting to escalate this issue with support.
We had Anti-Exploit block it today. Version 1.09.2.1384. 5/16/2017 12:35:10 Exploit payload process blocked BLOCK C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe \C copy \Y C:\ProgramData\HP\HP ENVY 5540 series\HPUDC\TH6AL2T0G70671_USB\UDC_device.json C:\ProgramData\HP\HP ENVY 5540 series\HPUDC\TH6AL2T0G70671_USB\UDC_device_2.json