Hello MawareBytes Team,
We've got a very emotional email from a customer who has MalwareBytes blocking a powershell script that our Excel add-in uses. This effectively blocks the add-in and doesn't let the customer work. Note that no other antivirus software vendor blocks the script. Below are the details the customer provided. The ps1 file mentioned below contains this call: Get-ProcessMitigation -Name EXCEL.EXE. I'm ready to look for extra details should you need this.
===
-Log Details-
Protection Event Date: 7/15/2024
Protection Event Time: 12:18 PM
Log File: 7bafb168-4250-11ef-9189-e0d55e6ce92f.json
-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1280
Update Package Version: 1.0.86840
License: Premium
-System Information-
OS: Windows 10 (Build 19045.4651)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe & 'C:\Program Files (x86)\Ablebits\Ultimate Suite for Microsoft Excel\1DAD65766140715\ExcelProcessMitigation.ps1', Blocked, 701, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe & 'C:\Program Files (x86)\Ablebits\Ultimate Suite for Microsoft Excel\1DAD65766140715\ExcelProcessMitigation.ps1'
URL:
===
