Jump to content

Recommended Posts

Within our company we have a program which we use. the EXE file is on the server and users connect through it using a shortcut which is located on their desktops.

Now when they use the internet explorer and they want to browse for files (upload/download) the IE crashes.

We have had the message  "Exploit payload from UNC blocked          BLOCK  \\servername\Chemges\chemges.exe" so we have put this in the exlusion list. however it still keeps blocking. 

as soon as we disable the anti exploit it all runs well.

Malwarebytes Anti-Exploit.zip

Share this post


Link to post
Share on other sites

This is by design as some exploits use WebDAV and UNC paths to deliver their payload. So our MBAE Layer3 Application Behavior protection blocks this generically. Since exploits ITW haven't used this technique for many many years, you can safely disable this under Advanced settings -> Application Behavior and disable the UNC protection for browsers. MBAE still has dozens of other layers that will protect against similar exploits, so you are not really reducing your effective protection.

 

 

Share this post


Link to post
Share on other sites

If I go to edit the client policy and go to Anti Exploit->Advanced -> Application Behavior Protection I do not see an option to disable the UNC protection for browsers.  The only options that are present are:

Malicious LoadLibrary protection

Protection for Internet Explorer VB scripting

Protection for MessageBox payload

Share this post


Link to post
Share on other sites

Hi Scott this is correct, i couldn`t find the setting either.

However is switch off the malicious loadlibrary protectionvor browsers, and this did the trick.

Share this post


Link to post
Share on other sites

We're experiencing the same issue regarding desktop shortcuts to unc paths...whitelist exclusion has no effect. Is it safe to disable the 'malicious load library' setting? 

Adam

Edited by AdamM

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.