Can't figure out if this is legit exploit or false positive

[iambry]

We are on a managed client    Version 1.7.0.3208

Anti-Malware Version : 1.80.2.1012

Anti-Exploit Version: 1.09.2.1413 

Database Version V2017.05.25.07

 

We had one of our users go to WebMD and copy and paste an article and we got hit with a exploit alert.

Can you confirm if this is a real threat or a false positive?

 

 

Edited May 25, 2017 by iambry

[Rsullinger]

Hello Iambry,

I want to have you collect some logs from the event so I can look into this further. To do this:

Please download our diagnostic tool, MB-Check to your Desktop from this link: https://downloads.malwarebytes.com/file/mb3_check

Double-click it to run it. A black command prompt window will appear momentarily and you will see a message appear telling you to locate the zipped log files.

A zip file named mb-check-results.zip will be saved to your Desktop. 
Please attach this file to your next reply.

[iambry]

Do I need to run as the user that got this error or can I just need to run this as an administrator?

[Rsullinger]

Hey Iambry,

 

You may need to run the tool as an admin, however it will collect the logs from the C:\Programdata which is shared by all users. So you don't need to run it on the user that had the issue. 

[iambry]

Here is the file you requested.

 

mb-check-results.zip

[Rsullinger]

Hey Iambry,

 

It seems like the tool didn't gather the logs which is strange since there should have been an alert generated for this. I apologize for this, but can you collect the C:\ProgramData\Malwarebytes Anti-Exploit directory for me so I can be sure the logs are collected. If an alert was indeed created, it should be in that directory. 

[iambry]

On 5/26/2017 at 0:57 PM, Rsullinger said:

Here is the folder  I zipped it in it's entirety.

 

Malwarebytes Anti-Exploit.zip