Jump to content
Malwarebytes Endpoint Security reached End of Life on August 4th 2021. Click for more details.

Selected threat does not contain a valid payload checksum

Webbie1
 Share

Recommended Posts

Webbie1

Webbie1

Posted
Posted

Hello.  We have been using the Enterprise Malwarebytes for a couple of years now.  We just turned on the 30 day free trial of the anti-exploit, which we will be adding on to our agreement shortly.  I have a user that had a program blocked by the Anti Exploit (a valid program that he's been using for years), and I see it in the security logs for his PC in the console.  When I click on the treat, I get the message saying the threat can't be excluded because it doesn't contain a valid payload checksum.  I understand (from other threads) that this is because it's being blocked before a checksum can be generated.  He was able to get past it by toggling the anti exploit off, launching his program, then turning it back on.  But how do we deal with this, and others like it, on a more permanent basis?

 

            Thanks in advance

Link to post
Share on other sites
Webbie1

Webbie1

Posted
  • Author
Posted

We have been using the Enterprise version of Malwarebytes for a couple of years now, but just recently turned on the 30 day trial of the Anti Exploit product, which we will be adding to our agreement shortly.  I have a user who is attempting to run a program that he's been using for years that is now being blocked by the anti exploit.  When I find it in the console and try to allow it, I get the message that it cannot be excluded because the threat doesn't contain a valid payload checksum.  From other posts like this, I understand that this is because it's being blocked before the checksum is generated (simplisticly).  The user got past the issue by temporarily toggling the anti exploit off, but I need to know how to correct this on a more permanent basis for this instance and possibly others down the road.

 

                     Thanks in advance

Link to post
Share on other sites
  • 1 month later...
mclark

mclark

Posted
Posted
34 minutes ago, mclark said:

We are running the Enterprise version and the anti-exploit is blocking a custom VBScript we have on our internal webpage. When I try to add it to the exclusion list, it says it does not contain a valid payload checksum.

Thanks for any assistance.

Attaching logs.

Malwarebytes Anti-Exploit.zip

MBMC_Client_Diagnosis_Info_2016_04_26_074911.zip

Link to post
Share on other sites
  • Staff
pbust

pbust

Posted
  • Staff
Posted

I saw the same logs through an escalated ticket from Support.

 

Basically Internet Explorer is executing wscript with a custom script. Allowing this behavior is as big of a security hole as it gets. You could drive a truck through it. If you need to enable this behavior you can temporarily disable the IE shield.

We're researching to see if we can add a feature to selectively whitelist such behavior in the future.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.