Yesterday I posted the section that follows to the Malwarebytes 3.0 forum, and an Advanced Member by the username of Telos suggested that I post it here. Whether this is a false exploit or not I cannot tell. Please advise.

---> Posted yesterday on the Malwarebytes 3.0 forum

Today when I open Node.js Command Prompt on Windows, Malwarebytes blocks it with the information that appears at the end of this message.

The target of the Node.js Command Prompt shortcut is: C:\Windows\System32\cmd.exe /k "C:\Program Files\nodejs\nodevars.bat"

I have used this for months and today it comes up and is blocked and closes immediately. Repeated attempts result in the same behavior.

What is the deal?

-Log Details-
Protection Event Date: 2/8/17
Protection Event Time: 4:26 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1214
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [-1],0.0.0

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \c \node.exe -p -e process.versions.node + ' (' + process.arch + ')'
URL: 

(end)


  • Staff

Hi reidsci,

Did I understand correctly that this is something you created yourself?

I do understand why our Anti-Exploit module would block that, since it is unexpected and malware-like behavior.

Another question for you: did this start immediately after you upgraded from Malwarebytes version 2 to 3?


Today it works fine, though yesterday and the day before I got the message I posted. So I am fine.

It is not something I created myself but something that people developing with node.js often use as well as people who are working with Angular 2. I don't believe it coincides with the upgrade as it is likely that I used it since then. I certainly used Node.js command prompt many times in January and likely February.

Thank you for getting back to me.


  • Staff

No problem. If it happens again, you can add an exclusion for the exploit detection if you are sure it's something you want to allow.

Under Settings select the Exclusions tab > Add Exclusion > select Exclude a Previously Detected Exploit > Next > select the exploit you want to exclude and click OK.
