Jump to content
Pharaohs

(Steam) False postive or Configuration issue with MBAM Premium Protection?

Recommended Posts

Hello,
For starters I wanted to know if it's advisable to add the steam.exe and steamwebhelper.exe to the list of protected applications in MBAM Premium real-time protection list. I did just that and added steam as a "media player" (??) and steamwebhelper.exe as a Chromium based browser. Last night I purchased Nier: Automata and upon executing it for the first time (triggering its install process) MBAM blocked the nierautomata.exe saying it was a generic exploit agent. Subsequent attempts after verifying the game's integrity reproduces the same behavior.
Most importantly I would like to know if adding STEAM and STEAMWEBHELPER to the protected applications list, as I have, is recommended -- or should I change the program type from MEDIA PLAYER to OTHER? If not a config issue then perhaps I'm just reporting a false positive. (I hope)
How should I proceed?

Here are the two relevant log notes:
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2903
License: Premium
-System Information-
OS: Windows 10 (Build 15063.632)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0
-Exploit Data-
Affected Application: steam
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload file blocked
File Name: D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe
URL:
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2903
License: Premium
-System Information-
OS: Windows 10 (Build 15063.632)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 1
Malware.Exploit.Agent.Generic, D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe, Quarantined, [0], [392684],0.0.0
Exploit: 0
(No malicious items detected)

Share this post


Link to post
Share on other sites
19 minutes ago, Pharaohs said:

D:\Games\SteamLibrary\steamapps\common\NieRAutomata\NieRAutomata.exe

Even if you did add the exclusion it will not be honored on any drive but the main drive. (Bug)

Share this post


Link to post
Share on other sites

 

6 hours ago, Porthos said:

Even if you did add the exclusion it will not be honored on any drive but the main drive. (Bug)

I'm not sure I follow. Was I not clear in my original post? Are you saying it is a false positive and I should create an exclusion (even tho it won't work due to a bug)? I'd basically like to know if I had steam + steam components configured correctly in MBAM application settings AND/OR if the exploit warning is anything to worry about...

Share this post


Link to post
Share on other sites

I am going to ask this to be moved to the false positive section so you can find out once and for if you have an issue or not. Dontworry about my comment on exclusions. 

12 minutes ago, Pharaohs said:

 

I'm not sure I follow. Was I not clear in my original post? Are you saying it is a false positive and I should create an exclusion (even tho it won't work due to a bug)? I'd basically like to know if I had steam + steam components configured correctly in MBAM application settings AND/OR if the exploit warning is anything to worry about...

 

Share this post


Link to post
Share on other sites

Okay thanks for moving it. I'm still having the issue and have ran the MB-CLEAN utility and reconfigured MBAM - exploit still found while installing Nier Automata D:

Share this post


Link to post
Share on other sites

I'll get the logs but here are the files in question. Note: scanning didn't turn up anything only upon executing it for it's initial launch does it trigger a Generic Exploit alert. (Which is why I was wondering if I should change or remove the steam protection in mbam - due to its nature of installing DirectX and Microsoft Redistribs)

EDIT: The file's too large, going to PM it to you.

Share this post


Link to post
Share on other sites

i passed this on to the anti exploit team. They will look at it within a couple days.

You can temporarily remove the the shield proection from steam for now.

 

Share this post


Link to post
Share on other sites

Thanks shadowwar, 

In general, is there a best practice for configuring MBAM to work with Steam? I would imagine a significant percentage of MBAM customers use that software but I'm having trouble finding data on it (particularly for MBAM 3+). Steam does use a Chromium build as it's web browser overlay while running games or watching media - and it's a full fledged browser without extension support -- so vulnerable to Javascript Exploits, etc. It's tricky tho because it also has Anti-Cheating mechanisms that may or may not work with MBAM's hooks. It also constantly installs Visual Studio Redistribs and DirectX so that might be False-Positive hell. 

Any ideas? Or could you point me in a good direction where this has been discussed?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.