Jump to content

Recommended Posts

Hi,

We have a user who's Malwarebytes Anti-Exploit keeps blocking an object scanned at "C:\Program" as it shows in the Malwarebytes Management Console. On his PC's Anti-Exploit logs, it shows that "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" is being blocked. His Excel opens up fine by itself but when he uses a program called "Cash Suite" which has a feature built into the program to use Excel, it doesn't successfully open Excel. Any ideas on what is causing this?

 

Thanks!

Link to post
Share on other sites

In case anyone else has the issue and/or if the admins here have looked at this post, I found a "fix" that allows the Insight feature of Cash Suite to work with Anti-Exploit without having to disable Anti-Exploit (this is with Malwarebytes Anti-Exploit for Business - version 1.09.2.1261): 

-Open Anti-Exploit
-Click on the "Settings" tab
-Click on "advanced settings"
-Click on the "Application Behavior Protection" tab
-Uncheck both "Protection for Office WMI abuse" and "Protection for Office VBA7 abuse"
-Restart Cash SUITE and launch Insight again

After doing this, the user was able to launch Cash SUITE's Insight again. I'm not sure how secure it is to have both of those two protections unchecked but this was the only workaround I found so far without completely disabling Anti-Exploit.

I attached a screenshot of the two protections I unchecked.

malwarebytesantiexploit-cashsuitefix.png

Link to post
Share on other sites
  • Staff

Hello CGH,

 

It sounds like it may be due to one of the new protection layers we put in. I want to have you collect me the logs from the computer so I can confirm this and see about getting this fixed without you having to disable all of those settings. To collect these logs, use this link below. 

 

 

Link to post
Share on other sites
  • Staff

Hello CGH,

 

You can either attach them here or send me them in a PM if that is better for you. As for the log collection, the steps are the same. The logs for both versions are found in that C:\ProgramData directory so you can safely use those to get the logs. We don't have an easy 'sticky' for collecting the logs on this side of things so I linked that one for simplicity. 

Link to post
Share on other sites

That build resolved the issue on one of the PCs. It didn't resolve the same issue on another PC but I noticed this time it was showing that it was blocking "C:\Program Files (x86)\CASH\FTIAgent.exe" this time in Anti-Exploit. I was able to add that to the Anti-Exploit Exclusion list and that resolved the issue.

Link to post
Share on other sites
  • Staff

Hello CGH,

 

That is good to hear. That build fixes the C:\Program issue so it allows you to exclude the files that are now getting the block. I am glad to hear that fixed the issue on both of your computers. Please let me know if you have any other questions. 

Link to post
Share on other sites

Hi Rsullinger,

I want to report that this same issue was resolved on two other computers using the same Cash Suite programs by installing the newer Anti-Exploit version 1.09.2.1280 that I received from another staff member in another post with another issue.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.