
Exploit payload process blocked



  • 2 months later...

EXACT same issue.

We are using the Corp. Endpoint version.

From an Oracle Form we call a Java applet that (as part of the process) attempts to set the path [cmd /set c] so the image stored in our imaging server can display it in Internet Explorer.

BLOCK   C:\Windows\system32\cmd.exe \c set

I've tried all the advanced settings check boxes in the console's policy settings... under the "Application Behavior Protection" tab for the "Java Protection" section... but unless I completely disable the Java shield, it blocks it.

Blocking malicious Java stuff is one of the reasons we purchased the AE module.

I hope you can find a workaround sooner rather than later.

  • Staff

We are working on a fix for this for 1.09. We'll release a beta ASAP so you can verify the fix. Please open a ticket in Support describing the issue you are encountering to make sure you receive the 1.09 beta when it becomes available.

  • 3 months later...

Hello,

We experienced the same issue with MBAE v1.09.2.1261. An error message is displayed with "Selected threat does not contain a valid payload checksum, The "payload" cannot be added into exclusion list." when I tried to exclude it from the central console.

I have reproduced the issue with a simple msgbox ("hello") in a simple vb script.

The payload is: "C:\Windows\System32\cscript.exe C:\Windows\System32\csript.exe C:\Users\<userename>\Desktop\hello.vbs";

The layer used during this detection is 3 which means "Application Behavior Protection". I am surprised we cannot exclude it because MBAE exclusions are only for detections of exploit techniques in Layer3 (Application Behavior Protection).

Please, help.

Neilou
