Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Not able to add application to Exclusions list


Polleke
 Share

Recommended Posts

  • 3 weeks later...

The excelsheet totaal.xls consists of a macro which is executing: Shell "c:\windows\system32\cmd.exe /c copy c:\WORK\totaal.htm c:\data\totaal.htm"
The log is stating: totaal.htm blocked from executing thrugh Microsoft Office Excel
Now I can deactivate the shield for excel.exe, but I would prefer that the totaal.xls could be excluded.

Is that possible?

 

Link to post
Share on other sites

  • Staff

Excel (or any other shielded app) executing system commands is a big security hole. This is abused in the wild by malicious exploits. If you want to allow this security risk the only workaround is to disable the Excel shield.

Note: moving to Questions sub-forum.

 

Link to post
Share on other sites

  • 6 months later...

Hi pbust,

I am having a similar problem, that only starting happening today (I presume as a result of an update).

I cannot add the relevant Excel file to the exclusions list.

Disabling the Excel shield completely seems a bit heavy-handed. Can it not be that we simply exclude the relevant XLS file?

Cheers,

Nick

Link to post
Share on other sites

Hi Arthi,

Thanks for jumping in to help.

I decided to clear the logs, reset the settings to defaults and then run the Excel file again and create the fault log for you to see.

The odd things is that it no longer triggers the error!

Specifically, my VBA code launches explorer.exe and it opens and shows a directory.

This used to work until the day I posted my message (last Sunday), when it started getting caught by MBAM-AE.

 

I can only assume that between then and now, an update has come through that stopped it from happening.

My VBA code is still there and it now runs without triggering a reaction from MBAM-AE.

 

I set everything to defaults under Settings/Advanced settings,   specifically "Application behaviour/VBA7 abuse" (on)

Do you know if any updates were issued since last Sunday?

Cheers,

Nick

 

Link to post
Share on other sites

All our computers are not able to exclude a new AE block after the update to 1.09.1235, prior to the update we did not have this problem.  By design we are to open a program, used heavily in our office, via the 3rd party's ribbon in Word.  Though listed in the log the exclude button remains greyed out so right now we can only stop protection.  I have cleared the logs and reset the default but this did not resolve like it did with nick-d.  Please find zip directory Malwarebytes Anti-Exploit with all files.  Should note this is a trial version to see if I could replicate the problem which I could, all affected 10 systems are paid versions.

Malwarebytes Anti-Exploit.zip

Link to post
Share on other sites

Thanks Arthi - just checking in.  I don't suppose there is a way to rollback a version?  We were not having this problem until the newest update got installed.  Or do you anticipate an update that will resolve the "falsecatch" soon?  Or allow us to add as an exclusion?

Edited by TNGinAK
Link to post
Share on other sites

I did install the new build 1.09.1.1254 it now allows me to exclude this item from the log list.  But the file path/process blocked in the blocked exploit attempt window is incorrect.  The path is also wrong in the Exclusions tab.  I added the exe to the Shields list but did not resolve either, so I am having to deselect the VBA7 abuse again in the configurations.  Thx Arthi

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.