td47

MBAM blocks Adobe Protected mode when called from Outlook


I have installed the latest MB3, version 3.0.6.1469, with Component Package 1.0.96, with update package version 1.0.1639.

It seems to work fine (NO BSOD now!), but I have found that when I open an Outlook 2013 (local client) email that contains a PDF attachment, I get an error window saying that the Protected mode will not work with my current system configuration, if I double-click it to open it inline dynamically. I have to select the "Protected Mode Off" radio button to allow it to open this way.  Opening the same item directly from Adobe Reader once detached works fine.

Note that if I exit MBAM3, the in-line read of the same PDF works fine, so it is definitely MBAM3 doing this. Please advise. 


Hello, thanks for quick reply. File requested attached (but no addition.txt due to the FRST tool hanging scanning EDGE.) To reproduce, open any email with a PDF attached with Outlook email program, double-click the PDF, see the error box (screenshot attached).

FRST.txt

MB3_SERVICE_LOGS.zip

MB3_ERR_AdobeReaderProtectedMode.jpg

MB-CheckResult.txt

3 hours ago, td47 said:

(but no addition.txt due to the FRST tool hanging scanning EDGE.)

When running FRST open Edge and browse a couple sites and close it and FRST will finish.


Can you go to Settings -> Protection in Malwarebytes, open Managed Protected Applications, and turn off Adobe Reader to see if that helps? That will narrow down what we are looking for.

6 hours ago, dcollins said:

Can you go to Settings -> Protection in Malwarebytes, open Managed Protected Applications, and turn off Adobe Reader to see if that helps? That will narrow down what we are looking for.

Hello, I have turned off every tick I can see for PDF, and it still happens. Do you still need the addition.txt from FRST?

11 hours ago, Porthos said:

When running FRST open Edge and browse a couple sites and close it and FRST will finish.

Thanks for that Porthos, it worked after that. I have added a fresh set of diagnostic logs, below, in case they are needed, for the developers to use.

MB-CheckResult.txt

FRST.txt

Addition.txt


It sounds like you went into Advanced Settings instead of Manage Protected Applications. If you click on Managed Protected Applications you should see a window like the one below. Turn off the option for Adobe Reader.

58e2690e8cc28_ScreenShot2017-04-03at8_22_37AM.png.fe5dfe5b1c9feabf95caf1ba53f45643.png


Hello, yes, sorry about that. I turned off the Adobe Reader, and now it behaves normally. I restored the Advanced settings back to defaults. Thanks for your help. I assume there will be an update for MB3 for this in the coming weeks?

10 hours ago, Gator5000e said:

Could this be why MB 3.06 was blocking the PDF Preview in Outlook 2010?

Yes, seems to be the same blocking mechanism. I suspect it is a general thing, for Adobe Protected mode, used in the call from most Outlook versions for the PDF preview. If you follow dcollins' advice above, it will remove the blocking temporarily, until it is fixed. Bear in mind this will remove the protection of protected mode, but if you have a good AV suite as well (e.g. Norton Internet Security or equivalent) running alongside, to achieve a layered approach to your AV protection, you should be OK against a malicious PDF. Ensure you have the latest Adobe PDF viewer version installed.


Thanks, TD. I reverted back to the prior version of MB and will run with that for a while until the MB team gets things worked out. Hopefully, a 3.1 version will be solid and I can upgrade then. Right now I don't have the time to be messing with all of this as I have work to do. Installing, uninstalling, running programs to generate logs, etc., is time-consuming for me. So I will be patient and wait for a while.


Same issue here. MBAM exploit protection is blocking Adobe Reader protected mode. If I disable exploit protection, Adobe Reader DC opens fine.

If I leave exploit protection on and then turn off application protection for Adobe Reader, Adobe Reader DC opens fine.

When is MBAM going to fix this?
