Jump to content

Recommended Posts

I have tried to exclude a server from being blocked. unblocked on the work station and on the malware server counsel. But when she tries to open it again it is blocked. i go into exclude it and it tells me it is already exclude. if it is why is it blocking it? If I shut down the software works fine. Have been using this for over a year with no problem now in the last 3 weeks it is not working right.

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

This may be due to a new version of the program that was updated with the timeline you gave. I want to have you collect me some logs from the computer so I can look into this further for you. All you would need to do is go to the computer and collect this directory:

C:\ProgramData\Malwarebytes Anti-Exploit

 

Just zip up that directory and attach it here for me. 

 

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

Is the user actually seeing an alert about a block? I am looking in the logs and I am not seeing an alert at all. I just want to confirm if we are showing a block or we are just blocking it without causing an alert. 

Share this post


Link to post
Share on other sites

this is the pc that is blocking. as you can see on the bottom. When I go in to alow it it tells me it is blocked. It will not let me unblock. It say already exempt.  

Doc1.docx

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

That is odd. I am not seeing that block at all in the logs. Our team is looking into an issue like this with UNC exclusions, but I would like to see the alert file so I can send it to them. Can you try to collect the logs from that computer again? Or, if possible, have them reproduce it right before you collect it to make sure it creates the alert on the client side. 

Share this post


Link to post
Share on other sites

it says that it has blocked it and will not let it open. The excel report that she is opening is from our internal server on my network.

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

Alright, in the mean time then. Can you go back to that alert in the console. On the area where it says 'object scanned' can you extend that column so I can see the entire path and take a screenshot of that? That is mainly one of the information I want to see and I can send that to our team. 

Share this post


Link to post
Share on other sites
Quote

 

any progress? I did the down load. does this only a client or does this go over the server?

Edited by tmorse

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

This is only for the client. It is an update to the anti-exploit client itself so you want to install that on a computer that is having the issue. 

Share this post


Link to post
Share on other sites

Hello Tmorse,

 

Good to hear! We are planning on pushing out an updated version of anti-exploit soon that includes that fix. So all of your clients should get the new version when that happens. In the mean time, you can use that build on machines that need this fix while we get the GA build finalized. 

Share this post


Link to post
Share on other sites

Just an FYI, but I had the same problem when using IE on my personal PC. Turning off Exploit Protection from the system tray plus turning off IE protection under Settings > Real-Time Protection > Manage Protected Applications did nothing at all until I shut down IE and restarted it. Once restarted the "Exploit" was unblocked.

Share this post


Link to post
Share on other sites
On 2/14/2018 at 12:49 PM, MBride said:

Just an FYI, but I had the same problem when using IE on my personal PC. Turning off Exploit Protection from the system tray plus turning off IE protection under Settings > Real-Time Protection > Manage Protected Applications did nothing at all until I shut down IE and restarted it. Once restarted the "Exploit" was unblocked.

Yes, that's most likely because the way exploit protection functions is by loading a DLL into protected processes, a technique called hooking, and therefore cannot unload from a protected process often times without the protected process being shut down/restarted.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.