johnnyjr

Anti-Exploit 1.10.2.41

Been getting a ton of Exploit Threats Detected from users. Below is the threat we've been getting for users. Any ideas?

 

10/4/2017 4:06:11 PM     ************    ********             Exploit code executing from Heap memory blocked       BLOCK                   ******  Microsoft Office Word  C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe              Attacked application: C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe; Parent process name: OUTLOOK.EXE; Layer: Malicious Memory Protection; API ID: 104; Address: 0x07EFA251; Module: ; AddressType: 0x00020000; StackTop: 0x00210000; StackBottom: 0x001CB000; StackPointer: 0x0020BE10; Extra:
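
For triaging a batch of alerts like the one above, this added example (not part of the original post and not Malwarebytes code) parses the detail string and groups alerts by application, parent process and layer. The field layout is assumed from the single log line in the post; the second sample line and the function names are constructed.

```python
import re
from collections import Counter

# Constructed input: the first string is the detail field from the post above;
# the second is made up (different addresses) to show the grouping.
SAMPLE = [
    "Attacked application: C:\\Program Files (x86)\\Microsoft Office\\Office14\\Winword.exe; "
    "Parent process name: OUTLOOK.EXE; Layer: Malicious Memory Protection; API ID: 104; "
    "Address: 0x07EFA251; Module: ; AddressType: 0x00020000; StackTop: 0x00210000; "
    "StackBottom: 0x001CB000; StackPointer: 0x0020BE10; Extra: ",
    "Attacked application: C:\\Program Files (x86)\\Microsoft Office\\Office14\\Winword.exe; "
    "Parent process name: OUTLOOK.EXE; Layer: Malicious Memory Protection; API ID: 104; "
    "Address: 0x0812B440; Module: ; AddressType: 0x00020000; StackTop: 0x00340000; "
    "StackBottom: 0x002FB000; StackPointer: 0x0033BD98; Extra: ",
]
HEX = re.compile(r"0x[0-9A-Fa-f]+\Z")

def parse_detail(detail):
    """Split 'Key: value; Key: value; ...' into a dict; hex values become ints."""
    fields = {}
    for part in detail.split(";"):
        # Split on the first colon only, so 'C:\...' paths stay intact.
        key, sep, value = part.partition(":")
        if sep:
            value = value.strip()
            fields[key.strip()] = int(value, 16) if HEX.match(value) else value
    return fields

def stack_checks(f):
    """Locate the blocked address and stack pointer relative to the logged stack range."""
    lo, hi = f["StackBottom"], f["StackTop"]
    return {
        "address_on_stack": lo <= f["Address"] < hi,
        "sp_in_stack": lo <= f["StackPointer"] < hi,
        "module_named": bool(f["Module"]),  # empty when the log names no module
    }

def summarize(details):
    """Count alerts per (application, parent process, layer) to spot a common trigger."""
    counts = Counter()
    for d in details:
        f = parse_detail(d)
        app = f["Attacked application"].rsplit("\\", 1)[-1]
        counts[(app, f["Parent process name"], f["Layer"])] += 1
    return counts

if __name__ == "__main__":
    print(stack_checks(parse_detail(SAMPLE[0])))
    print(summarize(SAMPLE).most_common())
```
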


Hey Johnnyjr,

I am going to reach out to you in a PM to collect some additional logs. Go ahead and reply to that with the logs and I will get this to our team to look into further! 


Dear Rsullinger,

Since the release of Anti-Exploit version 1.10.2.41, our customers are facing issues with Word, Excel, PowerPoint and PDF reader; they are not able to open any document. So I just stopped protection with Anti-Exploit and it seems like everything is working fine again. It is a bug in this release 1.10.2.41. Please find the log files attached with this post and suggest a solution. Thanks

Malwarebytes Anti-Exploit.rar


Hey QasimAzam,

On one of the machines having the issue, can you try removing anti-exploit with this tool:

 

https://malwarebytes.box.com/s/6oqwak9n6m85ps2ccou2lfhxtsfwphbo

 

and try re-installing 1.10 on the machine again with this link:

https://malwarebytes.box.com/s/r90csauab5broqn7ngnr8nh77knl5m90

 

I want to confirm if this is something that occurred from an upgrade/install issue since no alerts are being generated. 

 


Also, anyone else experiencing memory leakage issues with 1.10.2.41? Doing the normal things I sometimes have my RAM maxed out. 6+ GB just of Internet Explorer when Anti-Exploit is enabled. It's fine when I disable Anti-Exploit.


Hey Johnny,

 

I have not heard of any memory leakage issues like that with the latest build. When it happens, do you mind collecting these logs:

 

 


We started having the same issue today across multiple clients. Seems to be isolated to Win 8.1. The faulting module is ntdll.dll. Won't allow IE, Chrome, DisplaySoft, Excel, Word, PowerPoint to open. Outlook, however, seems to work just fine. Stop Protection on MBAE, or uninstalling it, resolves the issue. Believe we are going to call in tomorrow to Support to see if we can get this resolved.


We've been having similar issues with Adobe Reader getting hit with "Exploit code executing from Heap memory blocked".

This is in a Windows 10 VMware environment with MBAE 1.10.2.41. I've just stopped protection for Adobe until I can get a support session set up.

edit: It looks like this was covered in the known issues section.

Quote

 VMWARE Horizon: Untick Malicious address return protection for all the affected applications in the Advanced Memory Protection tab.

 

Edited by ABaker
Found a possible fix
