Jump to content

Exploit automatically blocked

chamm
 Share

Recommended Posts

chamm

chamm

Posted
Posted

I'm using the trial of the 3.0.4 on Windows 10. (Anniversary Edition) I've got it installed, and it seems pretty compelling, however starting in the middle of the night, it began popping up a message about once every 90 seconds saying that an exploit was automatically blocked. The information in the pop-up is as follows:

Exploit automatically blocked
Malwarebytes detected and blocked an exploit. It is no longer a threat to your computer.

Affected Application:   cmd

Link to post
Share on other sites
chamm

chamm

Posted
  • Author
Posted

  

Exploit automatically blocked
Malwarebytes detected and blocked an exploit. It is no longer a threat to your computer.

Affected Application:   cmd
Protection Layer:   Application Behavior Protection
Protection Technique:   Exploit payload process blocked

I'm trying to figure out any detail on why this is happening every 90 seconds. I checked the log, and these two messages accompany the pop-ups: 

12/09/16    " 08:52:18.922"    24761578    0d74    4ecc    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "AEControllerImplHelper.cpp"    2034    "App Injected (Google Chrome (and plug-ins))"
12/09/16    " 08:52:23.888"    24766531    0d74    4ecc    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "AEControllerImplHelper.cpp"    2034    "App Injected (cmd)"

Is there any place I can look for some more detail on what it's blocking and why it's blocking it? I'm not questioning whether it's legitimate or not, but I wouldn't even know where to begin looking for a suspicious process. If it's just blocking everything invoked by the command shell, that's probably a level of protection that I'm not looking for, but I also want to check to ensure that it isn't affecting any of my legitimate applications.

Thanks!

Link to post
Share on other sites
chamm

chamm

Posted
  • Author
Posted

But won't that leave my Chrome sessions unprotected? Also, disabling Chrome doesn't seem to prevent this message: 

12/09/16    " 20:01:12.023"    64894671    0d74    4548    INFO    AEControllerImpl    mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification    "AEControllerImplHelper.cpp"    2034    "App Injected (cmd)"

I don't see an option to disable protection on the command shell, and I think doing so would effectively disable most of the protection I would be looking for in the product.

Is there someplace I can see some more detail on why it's being flagged every 90 seconds?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.