Jump to content
Heliae

Anti-Exploit not allowing us to add exception for false positive

Recommended Posts

Today there was an update (not sure but it seems it was an Office Update) that made a plugin from Box (Box for Office is the plugin) throw this error in anti exploit: Exploit code executing from Heap memory blocked. 

Both Word and Excel throw this error and if I disable the Box add-in, the programs are allowed to open.  I can't add an exception because it never gets that far.  Can you patch this?  If not, what do I have to uncheck on the management console in policy so we can use word and excel again with the Box add-in?

Thanks. 

 

Share this post


Link to post
Share on other sites

Hello Heliae,

 

As a temporary work around, you can disable the shield for the office item (word an excel). That will make it work as temporary fix. However, to know for sure what is causing this and how to fix it, we will need these logs:

 

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Exploit.zip

Basically, after a windows or office patch, this particular user cannot open word or excel because anti-exploit will pop up and give the "Exploit code executing from Heap memory blocked."

When we try to open word or excel again, it says there's a problem with a plug in (box for office) and if we disable it, we can then open word or excel without anit-exploit giving the error. 
We've been running all our computers with box for office for a couple years now and this is the only time we've had this issue.  I haven't seen this on anyone else's computer either so either no one else did the patch yet, or it's a problem only on her computer.

 

 

Share this post


Link to post
Share on other sites

Hey Heliae,

 

That is odd, I would assume you would be seeing it more in your environment. Based on the logs, it does look like a memory error that some addons cause. I want to have you try a build on her machine to see if it fixes the issue. This build can be found here:

https://malwarebytes.box.com/s/t5mh3h3kwtux9ugaj22q87gra1qg0i92

If that does not fix it, then we may need to run a debug build. Let me know how that build does as we will be deploying that build out to everyone soon. 

 

Edited by Rsullinger

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.