Node.js Command Prompt being blocked

[reidsci]

Yesterday I posted the section that follows to the Malwarebytes 3.0 forum and an Advanced Member by the username of Telos suggested to post it here. Whether this is a false exploit or not I cannot tell. Please advise.

---> Posted yesterday on the Malwarebytes 3.0 forum

Today when I open Node.js Command Prompt on Windows, Malwarebytes blocks it with the information that appears at the end of this message.

The target of the Node.js Command Prompt shortcut is: C:\Windows\System32\cmd.exe /k "C:\Program Files\nodejs\nodevars.bat"

I have used this for months and today it comes up and is blocked and closes immediately. Repeated attempts result in the same behavior.

What is the deal?

-Log Details-
Protection Event Date: 2/8/17
Protection Event Time: 4:26 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1214
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \c \node.exe -p -e process.versions.node + ' (' + process.arch + ')'
URL: 

(end)

[Metallica]

Hi reidsci,

Did I understand correct that this is something you created yourself?

I do understand why our Anti-Exploit module would block that, since it is unexpected and malware-like behavior.

Another question for you: did this start immediately after you upgraded from Malwarebytes version 2 to 3?

[reidsci]

Today it works fine, though yesterday and the day before I got the message I posted. So I am fine.

It is not something I created myself but something that people developing with node.js often use as well as people who are working with Angular 2. I don't believe it coincides with the upgrade as it is likely that I used it since then. I certainly used Node.js command prompt many times in January and likely February.

Thank you for getting back to me.

[Metallica]

No problem. If it happens again, you can add an exclusion for the exploit detection if you are sure it's something you want to alllow.

Under Settings select the Exclusions tab > Add Exclusion > select Exclude a Previously Detected Exploit > Next > select the exploit you want to exclude and click OK.

[reidsci]

I would have done that originally if I had known it was a false signal. But it was unclear whether it was actually valid or an error. Which is to say I didn't know why Malwarebytes was blocking it.