Jump to content

cutting_edgetech

Members
  • Posts

    105
  • Joined

  • Last visited

Reputation

0 Neutral

About cutting_edgetech

  • Birthday June 10

Profile Information

  • Location
    USA

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. When I attempt to add WinRAR to the listed of Shielded Apps, I am notified that WinRAR already exist in the list of Shielded Apps. WinRAR is not in the list of Shielded Apps. Also, I checked the WinRAR process with Process Explorer, and MBAE is not injecting into WinRAR.exe. I reported this several years ago, so I think this bug has been around for a long time. I would really like MBAE to protect WinRAR and other archive software. MBAE will allow me to add some child processes like RAR.exe, but not the parent process, WinRAR.exe. MBAE 1.13.1.304 Edition Windows 10 Pro Version 20H2 Installed on ‎8/‎22/‎2020 OS build 19042.685 Experience Windows Feature Experience Pack 120.2212.551.0
  2. After uninstalling MBAE, auto-save to the cloud is able to sign into the cloud and save my document. Before it couldn't even sign in before MBAE triggered. It seems that the auto-save to cloud feature is what is triggering MBAE.
  3. I right clicked on the MBAE tray icon and chose "Stop Protection" to disable all protection for MBAE 1.13.1.283. The icon changed to white to indicate that the protection had been disabled. I then selected the option to auto-save my Word document to my student OneDrive cloud account. MBAE immediately triggered saying it had blocked an exploit attempt, killing my document. Now if I select the option to auto-save my document to the cloud it kills my document without giving me exploit attempt prompt at all. I'm going to have to uninstall MBAE at this point. The false positive for Word has been around for a few builds now. I can't even keep it from triggering when disabling MBAE protection. I can't afford to lose my work. I will save the logs from the current installation and keep them. If you work for Malwarebytes, then request them and I will send them to you by pm. I'm currently using MBAE 1.13.1.283 on Windows 10 x64 Pro Version 2004
  4. Well, as I stated in my original post, rebooting brought back the tray icon and gui for me. It didn't seem to work for everyone from reading above.
  5. I was asked if I wanted to update to version 1.13.1.283 from version 1.13.1.257. I unticked automatically upgrade to new versions, and clicked ok. After MBAE updated I had no tray icon or GUI. I waited for about 5 minutes to make sure MBAE had completed updating. I then tried launching MBAE from the Programs Menu, and that did not work. I rebooted my computer, and now the tray icon and GUI are back. I'm using Windows 10x64 Pro Version 2004. This post is for informational purposes only (giving feedback).
  6. I keep making post that do not post to the thread. I will try this once again. Please delete my logs from my post once you get what you need. I accidentally attached them to the post. Also, will I ever get editing rights to my post? I have been a member for a long time, and I can not make any changes to my post. I would just remove them myself if I was able, and send them by pm.
  7. It says a Macro is triggering the behavior protection. I checked in the Macro options under Word and I did not see any Macros listed. The Enterprise Office installation i'm using was provided to me by my University. Each time I save a Word document it automatically saves a copy to Microsoft One drive. Maybe it is using a Macro to save a copy of my document to Onedrive. I'm just taking a stab in the dark. I'm sending you the entire Appdata folder, which contains the logs. Which log files do you normally request? Thank you!
  8. Thank you. I will wait a few days longer, and if I don't get a response I will create a support ticket. I use to just send these reports to pbust. I'm not even sure what they have him doing these days. I've been away for a while since I only used Linux for 2 years.
  9. I Prefer to pm logs. I don't know what information they contain.
  10. I just made it trigger again to see what the MBAE prompt said. The prompt says, "Exploit payload macro process blocked". It was blocked by the Application Behavior Protection Layer.
  11. Every time I try to close or save a Word document I have created, MBAE 1.13.1.257 triggers and says it has just blocked an exploit attempt. MBAE has triggered 5 times so far. It should be a false positive since i'm the one that created the document. I am using Microsoft 365 Apps for Enterprise with Windows 10 x64 Version 2004. Who do I send the log files to?
  12. Thank you for the response. I will switch back to MBAE from Malwarebytes Antimalware soon to see if I have any issues with the latest build.
  13. Another powershell script that runs in the background on many Windows 10 installations is used to disable Legacy versions of SMB. You can see this script captured below taken from ERP 's log file. This script has also ran over, and over again since it can not complete due to being blocked by AppGuard. I'm curious whether MBAE build 137 was blocking this script as well. I have not checked to see if this is the case since I have been using Malwarebytes Antimalware the last 3 weeks. I hope the log info below is helpful. Date/Time: 2018-11-16 21:51:29.424 Action: Allow/Known Safe Process PID: 5504 Process Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe SHA1: AE8B80AE4D2D3B4AB6A28CC701EB4D888E4EC7AD Signer: Command Line: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" Parent: C:\Windows\System32\svchost.exe Parent SHA1: B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8 Parent Signer: Microsoft Windows Publisher Expression: - Category: - User/Domain: SYSTEM/NT AUTHORITY Integrity Level: System System File: True
  14. Is anyone here having powershell blocked in the background without trying to run powershell? Windows 10 started running a powershell test script in the background a few months back. I believe this script is used by Windows to check to see whether the user is running AppLocker, or not. This script gets blocked many times per day by AppGuard. Here is the script being blocked by AppGuard. This image from AppGuard Activity Report shows a little information about the script.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.