Jump to content

Can't figure out if this is legit exploit or false positive


Recommended Posts

We are on a managed client    Version 1.7.0.3208

Anti-Malware Version : 1.80.2.1012

Anti-Exploit Version: 1.09.2.1413 

Database Version V2017.05.25.07

 

We had one of our users go to WebMD and copy and paste an article and we got hit with a exploit alert.


Can you confirm if this is a real threat or a false positive?

 

 

Edited by iambry
Link to post
Share on other sites

  • Staff

Hello Iambry,

I want to have you collect some logs from the event so I can look into this further. To do this:

Please download our diagnostic tool, MB-Check to your Desktop from this link: https://downloads.malwarebytes.com/file/mb3_check

Double-click it to run it. A black command prompt window will appear momentarily and you will see a message appear telling you to locate the zipped log files.

A zip file named mb-check-results.zip will be saved to your Desktop. 
Please attach this file to your next reply.

Link to post
Share on other sites

  • Staff

Hey Iambry,

 

It seems like the tool didn't gather the logs which is strange since there should have been an alert generated for this. I apologize for this, but can you collect the C:\ProgramData\Malwarebytes Anti-Exploit directory for me so I can be sure the logs are collected. If an alert was indeed created, it should be in that directory. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.