Jump to content

Recommended Posts

WIN 7 SP1 x64, MBAM ver.


Recently whenever I do a MBAM threat scan, it is detecting what is shown in the below screen shot. MBAM heuristics is detecting these. They occur after I modify applications within EMET 5.1. I am fairly certain these are valid registry entries that MBAM is alerting on.





Link to post
Share on other sites

  • Root Admin

We'd actually like to get the full log and not a screen shot. You can export it from the History, Application Log section of the program. Please export, save as text and not xml


Those locations are actually not supposed to be used so odd that another Microsoft tool would be using them but I suppose it's possible.

Link to post
Share on other sites

Here's the most recent log.


I thought I found the problem. For those registry keys, appears for some reason EMET did not add a DisableExceptionChainValidationKey. I added it and ran another MBAM scan but MBAM still flagged the same keys. So if you guys can't come up with a reason, I might just reinstall EMET 5.1.




Link to post
Share on other sites

  • Root Admin

Please use REGEDIT and export this Key from the registry. You can then either zip it to upload or change the .reg to .txt and attach the file.


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]


If you need further help on how to do that please let me know.

Link to post
Share on other sites

  • Staff

please restore those entries malwarebytes quarantined and reexport that key.


The main problem is malware mostly uses this key to launch its program instead of the legit one. I may be able to work around this but worse case u may just have to add these to the malwarebytes exclusion list so they are no longer detected.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.