Jump to content


Recommended Posts

Been getting a ton of Exploit Threats Detected from users. Below is the Threat we been getting for users. Any ideas?


10/4/2017 4:06:11 PM     ************    ********             Exploit code executing from Heap memory blocked       BLOCK                   ******  Microsoft Office Word  C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe              Attacked application: C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe; Parent process name: OUTLOOK.EXE; Layer: Malicious Memory Protection; API ID: 104; Address: 0x07EFA251; Module: ; AddressType: 0x00020000; StackTop: 0x00210000; StackBottom: 0x001CB000; StackPointer: 0x0020BE10; Extra:

Link to post
Share on other sites

Dear Rsullinger,

Since the release of anti-exploit verison Our customer are facing issues with word, excel , powerpoint and pdf reader, they are not able to open any document. So i just stop protection with anti-exploit and it seems like everything is working fine again. It is a bug in this release Please find the log files attached with this post and suggest for the solution. Thanks   

Malwarebytes Anti-Exploit.rar

Link to post
Share on other sites

  • Staff

Hey QasimAzam,

On one of the machines having the issue, can you try removing anti-exploit with this tool:




and try re-installing 1.10 on the machine again with this link:



I want to confirm if this is something that occurred from an upgrade/install issue since no alerts are being generated. 


Link to post
Share on other sites

  • 2 weeks later...

We started have the same issue today across multiple clients.  Seems to be isolated to Win 8.1.  The faulting module is ntdll.dll.  Won't allow IE, Chrome, DisplaySoft, Excel, Word, Powerpoint to open.  Outlook, however, seems to work just fine.  Stop Protection on MBAE or uninstalling it, resolves the issue.  Believe we are going to call in tomorrow to Support to see if we can get this resolved.

Link to post
Share on other sites

  • 1 month later...

We've been having similar issues with adobe reader getting hit with "Exploit code executing from Heap memory blocked"

This is in a windows 10 vmware environment with MBAE I've just stopped protection for adobe until I can get a support session setup.

edit: It looks like this was covered in the known issues section.


 VMWARE Horizon: Untick Malicious address return protection for all the affected applications in the Advanced Memory Protection tab.


Edited by ABaker
Found a possible fix
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.