When I right-click a webpage & press Properties, I get an exploit alert for every webpage I visit

[Outlier]

Whenever I right-click any webpage (including this Malwarebytes page) and then press Properties, I get an alert from Malwarebytes saying it blocked a threat.  Here are the details:

Quote

Threat:  Application Hardening: Attempt to execute VBScript blocked
Type:  Exploit
Location:  Internet Explorer (and add-ons)
Action:  Blocked
ID:  0

After I get the alert, if I try right-clicking again and pressing Properties, then everything works as usual and I don't get another alert.  But if I close the page and visit the site again, the same alert will happen.  Again, this happens with EVERY webpage I visit.  Is this a known false positive or should I be concerned that something is lurking within my Internet Explorer?  I'm using IE 11.

[exile360]

Greetings

I've actually had an issue similar to this one in the past on my own system and I spoke directly with our main developer for our anti-exploit component about it at that time so I should be able to fill you in on what's going on.

Basically, VBScript is a scripting component included with IE that is unfortunately quite commonly used by the bad guys who create malware for the sake of launching exploits.  VBScript has pretty much been deprecated by Microsoft (info here: https://msdn.microsoft.com/en-us/library/dn384057(v=vs.85).aspx) and they recommend against web developers using it on their websites (and as I understand it, most don't these days for that very reason, also because Firefox and Chrome, two other popular browsers, don't allow VBScript by default either).  That said, sometimes for some reason, sometimes when performing certain tasks in Internet Explorer 11, it attempts to load vbscript.dll even though what you're doing doesn't require it (when it happened to me, it would occur every time I right-clicked on an image on a webpage and clicked "Properties", similar to your issue, though not exactly the same as I could still use the "Properties" function for actual webpages without the issue occurring).

Now, because VBScript is no longer supported officially by MS or widely used by legitimate websites, and especially because these days it is so frequently for malicious purposes to launch exploit attacks, our exploit protection now has VBScript blocked by default as part of our application hardening functionality for IE to prevent such exploits from executing.  Since every website you visit is obviously not serving exploits, you must be running into essentially the same issue that I did sometime ago where IE is loading VBScript.dll when it doesn't need to.  For me, the issue was fixed when I closed all instances of IE (making sure there were no lingering iexplore.exe instances listed in the Processes tab of Task Manager) and then re-opened IE.  I don't know if that will resolve the issue for you or not, but it's worth a try.

Also, it might be a good idea to make certain that your Internet Settings have not been configured in an insecure way.  The first thing to do is open IE and click on Tools > Internet Options and once the settings panel opens, click on the Security tab.  Verify that the first zone, called Internet, is set to Default.  If it is set to Custom then it's possible that there's a setting which has been modified to a less secure setting which may be causing this.  If that is the case, you can reset it to default by clicking the Default level button on the lower right or, if the other zones are also set to non-defaults, you can click Reset all zones to default level.  If you have customized your security settings previously then you'll need to make those changes again.

Please let me know if this helps or not.

Thanks  

Edited May 9, 2017 by exile360

[Outlier]

Closing all instances of IE in the Processes tab didn't solve the issue.  However, the alerts do stop after the first alert and if I remain on the page.  When closing IE and re-visiting the page again, the alert pops up.  In Tools -> Internet Options -> Security tab, I reset all zones to default level.  That didn't solve the issue either.  Funny thing is, it's happening on this thread page as well as the Google home page.  It's kind of a relief to know that others like yourself have had this problem too.  Did you find a permanent fix or does it still happen to you every once in awhile?  What did you do (other than closing iexplore.exe instances) that made it completely stop?  If this is adding that extra layer of security, then I can live with it and it's a small price to pay.  But if you have any other suggestion, I'm open to trying it...

[exile360]

Honestly, that's all I did and it hasn't returned since, but if you're OK with it, there's probably something we can do, but it will mean disabling vbscript.dll from loading at all in IE11 (though as I said, it really shouldn't be loading anyway and MS even recommends disabling it/not using it).

If you visit this Microsoft support page you'll find information on how to disable it.  For simplicity's sake I recommend using the Microsoft easy fix solution option you'll find further down the page.  All you have to do is download the tool from the link they provide, run it and follow the onscreen instructions, restarting your computer if prompted to do so once it completes.

Once that's done, try opening IE again and using the right-click Properties function to verify that it's no longer loading that DLL.

If that does not work, there's likely further steps we can take, but they're a bit more extreme so let's try this first, and hopefully the issue will be resolved.