Jump to content

Recommended Posts

I downloaded MBAE today and am using the premium trial version. I created a custom shield for Spotify, and initially set it to the profile "browsers" as per the FAQ. I got a pop up from MBAE upon launching Spotify as per the pic below saying it had blocked a malicious exploit.



I searched the forum re MBAE & Spotify and I found this post: https://forums.malwarebytes.org/index.php?/topic/170569-mbae-detecting-and-blocking-exploit-code-in-spotify/ > it would appear from the replies to the OP that this issue was resolved in version 1.07. I tried using "chrome browser" as per pbust's reply, but the problem still persists. I'm not sure if the block I am getting is the same as the poster in the other thread. It may be a completely separate issue. I find if I use "other" as a profile then Spotify launches OK (it is the only profile that allows Spotify to launch), but I'm worried that doing this is allowing an actual malicious process (i.e. not a FP / wrong choice of profile / conflict of some kind).

I hope I have done the logs and zip file right. I couldn't find anything called the "MBAE user data directory" as per the FAQ, so I just zipped up the entire contents of the MBAE folder on the file pathway provided. (NB I did unhide hidden folders). My system specs are all in my signature. Incidentally, Spotify.exe is located here: C:\Users\[name of my PC]\AppData\Roaming\Spotify\Spotify.exe - with every other app I made a custom shield for the relevant exe file to launch the programme is in either program files or program files(x86), could that different pathway have something to do with it?

Please could you advise if this is something to be concerned about, and if it is safe to use "other" profile in the custom shield for Spotify? Many thanks.


 

Link to post
Share on other sites

Hi, as I explained above I did try the "chrome browser profile" and it gave the same result. The "other" profile will allow Spotify to launch, but that is the only one that will. (I tried browsers, media player & then chrome browser after reading the post I linked to above).

 

I do have Hitman Pro but it is not in realtime (i.e. not HitmanPro Alert), It is an on-demand second opinion scanner which is not activated and uses no processes unless it is launched & running so I don't think it will be that causing this. I haven't run HMP in weeks.

 

So does that mean it isn't actually malicious, but just a conflict or wrong profile selection issue? Is Spotify safe to launch? Thanks.

 

EDIT - just tried Chrome broswer profile again and got the same result - MBAE blocks it.

Link to post
Share on other sites

  • Staff

Did you shield Spotify.exe itself or its child processes (they are called spotifywebhelper.exe or something along those lines). If you shielded spotify.exe it might throw an FP as it includes some self-protection and obfuscation. Try shielding the Spotify webhelper/helper child processes instead as those are the ones that are Internet-facing.

Link to post
Share on other sites

Yes I shielded spotify.exe. According to "properties" on the desktop shortcut for Spotify this is the process which launches spotify on the following path: C:\Users\[name of my PC]\AppData\Roaming\Spotify\Spotify.exe

 

Where would I find "Spotify webhelper/helper child processes"? May I take it that this block is a false positive then?

Link to post
Share on other sites

  • Staff

While you have Spotify running, check TaskManager or ProcessExplorer to see the names of the Spotify helper child processes.

 

I wouldn't call it an FP. It's more of a conflict between the two since Spotify uses aggressive memory obfuscation and other protection techniques. Although these techniques are mostly used by malware, sometimes media players use similar techniques for protection of digital rights. It is normal that these techniques conflict with advanced memory exploit mitigations.

Link to post
Share on other sites

Ah that explanation makes sense. Thanks. Phew! I was worried I'd been launching something malicious for all of this time before I downloaded MBAE! OK here is a snipping tool capture of my taskmanager:

 

 

Which process am I best to add?

 

In my AppData\Roaming\Spotify folder there is a process called SpotifyLauncher.exe too, but that doesn't appear to show in my taskmanager.

Link to post
Share on other sites

I'll keep it as it is with ChromeBrowser :) Thanks pbust.

 

Spotify appears to be the only one of the many apps I have made a custom shield for to have had any sort of conflict /issue, so perhaps a dedicated FAQ for Spotify + MBAE would be a good idea. :)  Love the concept of this software, thanks so much!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.