Exploit Protection crashing MS Office applications


Mike406

  • 4 weeks later...
On 10/25/2019 at 11:40 AM, Twallace2003 said:

I just had Malwarebytes close out both Excel and Word with internal file linking. I have hyperlinks to my server in Excel for reference files. Also, hyperlinks to email addresses in a Word file are closing. I did the log that was mentioned above.

I've found that this actually happens any time Excel or Word try to open a web browser for any reason, including:

  • Clicking a function name in the tooltip when editing said function in Excel (to view the help article for that function)
  • Clicking Read article in browser when viewing any help article in the Help sidebar
  • Clicking on any hyperlink in a document
  • Clicking the ? button at the top of Backstage View (the page you start at when opening either program, or after clicking the File menu)
  • Clicking the ? button or any Tell me more/Learn more links in any dialog box (Help sidebar won't open while in dialog box, so tries to open a browser instead)
  • Pressing the F1 key while in any dialog box
  • Clicking Change photo or About me under User Information in the Account screen
  • Clicking the Manage Account button or Update Options -> View Updates under Product Information in the Account screen
  • Clicking View Account in the dropdown under your name at the top right
  • Clicking any Privacy Policy or Terms of Service link anywhere
  • And so on...

Now, there are certainly situations where you wouldn't want your Office applications to open hyperlinks, e.g., links within untrusted documents you downloaded from the Internet, especially those that open automatically through a scripted event in the document. But, and correct me if I'm wrong, doesn't Office already (under the default settings) warn you about those types of things? None of the situations I listed above should be blocked at all, much less terminate the entire application.


  • 5 months later...

I am having this same issue. Just started happening in the past month. It does NOT happen on my machine - but the exact line of VBA looks like this

returnValue = URLDownloadToFile(0, "https://mycompany.sharepoint.com/sites/MYSITE/myfolder/myfile.xltx", strSavePath, 0, 0)

This is a site that is in trusted sites for the computer AND in trusted sites for MS Office and all its subdirectories (it's in 2 areas of the registry). This is the only non-cheesy way to get stuff off of SharePoint. SharePoint is our new network drives - we are at the mercy of so many other companies cooperating.

I AM A PEE-ON and have 0 ability to affect anything IT does. So what they say goes - and this isn't going away. Now I have to make a C# app to interface etc. etc. when this library is a perfect one already built into Windows for this purpose.

Is there any way to get this fixed for trusted sites? I appreciate the protection but this has gone a little too far. Thoughts? ETA?

EndpointAgent (003) last part.txt


  • Staff

Hi MeMeMeMeMe,

Can you try unchecking the following setting marked in red? You can find it under Exploit Protection -> Advanced settings.

Also, it would help if you can post the log file located here:

C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log 

Thanks.

