Jump to content

Selected threat does not contain a valid payload checksum


Recommended Posts

Hello.  We have been using the Enterprise Malwarebytes for a couple of years now.  We just turned on the 30 day free trial of the anti-exploit, which we will be adding on to our agreement shortly.  I have a user that had a program blocked by the Anti Exploit (a valid program that he's been using for years), and I see it in the security logs for his PC in the console.  When I click on the treat, I get the message saying the threat can't be excluded because it doesn't contain a valid payload checksum.  I understand (from other threads) that this is because it's being blocked before a checksum can be generated.  He was able to get past it by toggling the anti exploit off, launching his program, then turning it back on.  But how do we deal with this, and others like it, on a more permanent basis?

 

            Thanks in advance

Link to post
Share on other sites

We have been using the Enterprise version of Malwarebytes for a couple of years now, but just recently turned on the 30 day trial of the Anti Exploit product, which we will be adding to our agreement shortly.  I have a user who is attempting to run a program that he's been using for years that is now being blocked by the anti exploit.  When I find it in the console and try to allow it, I get the message that it cannot be excluded because the threat doesn't contain a valid payload checksum.  From other posts like this, I understand that this is because it's being blocked before the checksum is generated (simplisticly).  The user got past the issue by temporarily toggling the anti exploit off, but I need to know how to correct this on a more permanent basis for this instance and possibly others down the road.

 

                     Thanks in advance

Link to post
Share on other sites
  • 1 month later...

We are running the Enterprise version and the anti-exploit is blocking a custom VBScript we have on our internal webpage. When I try to add it to the exclusion list, it says it does not contain a valid payload checksum.

Thanks for any assistance.

Link to post
Share on other sites
34 minutes ago, mclark said:

We are running the Enterprise version and the anti-exploit is blocking a custom VBScript we have on our internal webpage. When I try to add it to the exclusion list, it says it does not contain a valid payload checksum.

Thanks for any assistance.

Attaching logs.

Malwarebytes Anti-Exploit.zip

MBMC_Client_Diagnosis_Info_2016_04_26_074911.zip

Link to post
Share on other sites
  • Staff

I saw the same logs through an escalated ticket from Support.

 

Basically Internet Explorer is executing wscript with a custom script. Allowing this behavior is as big of a security hole as it gets. You could drive a truck through it. If you need to enable this behavior you can temporarily disable the IE shield.

We're researching to see if we can add a feature to selectively whitelist such behavior in the future.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.