Jump to content

Malwarebytes blocking npm script run on windows console (cmd.exe)


aroberge

Recommended Posts

I'm trying to run some simple npm run scripts  (https://www.npmjs.com/).  How do I exclude such events?

Here's the output

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 10/12/2016
Heure de l'événement de protection: 12:22
Fichier journal: 
Administrateur: Oui

-Informations du logiciel-
Version: 3.0.4.1269
Version de composants: 1.0.39
Version de pack de mise à jour: 1.0.680
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails de l'exploit-
Fichier: 0
(Aucun élément malveillant détecté)

Exploit: 1
Malware.Exploit.Agent.Generic, , Bloqué, [0], [-1],0.0.0

-Données de l'exploit-
Application concernée: cmd
Couche de protection: Application Behavior Protection
Technique de protection: Exploit payload process blocked
Nom du fichier: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c tape tests\unit_tests\**\*.js
URL: 

(end)

 

Link to post
Share on other sites

After "Exclude a previously detected Exploit", I am presented wth a menu which asks me to select and identified exploit with two fields in which I cannot enter anything (one for an exploit hash and the other for an application). However, there is a "Select" button.  If I click on it, there are exploit shown that I can select.

 

I did try to add an exclusion for cmd.exe (which seems rather broad ... but just to see what would happen) and nothing change.

 

Note that I can run the exact same script  many times in a row and that sometiems it runs correctly, and sometimes it is prevented to run by Malwarebytes.

Link to post
Share on other sites

  • Staff

Hey Aroberge,

 

It should only exclude the script that CMD was calling at that time. However, if it still gets prevented, I want to see the logs for that. Can you reproduce the issue again and when you do, collect these logs for me:

 

C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log

C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log

The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it.   There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files
 

Link to post
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.