
I just updated to Windows version 1703. All was working fine with Office 365 with Malwarebytes prior to the update; now Malwarebytes blocks the opening of WINWORD.exe to create a document, or the opening of any document saved to open with it. This is the word processor for MS Office 365. After playing around a bit, I could right-click the WINWORD.exe icon, enter Properties and click Run as administrator. Obviously, a step I'd prefer not to have to take every time I want to create or open a document, and it doesn't work to open .docx files or other file types set to open with WINWORD.exe.

I should add I opened Windows Settings and checked for updates.


Other Office programs are not affected, such as Outlook, OneNote, Publisher and Excel, which seem to open and work normally.

Spoiler below contains Malwarebytes log file from two events when trying to open word documents. 


 

"Malwarebytes

www.malwarebytes.com

-Log Details-

Protection Event Date: 10/17/17

Protection Event Time: 9:24 PM

Log File: 09f73dfe-b3a3-11e7-916a-4ccc6ad5b689.json

Administrator: Yes

 

-Software Information-

Version: 3.2.2.2018

Components Version: 1.0.212

Update Package Version: 1.0.3036

License: Premium

 

-System Information-

OS: Windows 10 (Build 15063.674)

CPU: x64

File System: NTFS

User: System

 

-Exploit Details-

File: 0

(No malicious items detected)

 

Exploit: 1

Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

 

-Exploit Data-

Affected Application: Microsoft Office Word

Protection Layer: Malicious Memory Protection

Protection Technique: Exploit code executing from Heap memory blocked

File Name:

URL:

 

(end)

__________________________________________________________________

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Protection Event Date: 10/17/17

Protection Event Time: 9:21 PM

Log File: adb00b21-b3a2-11e7-906c-4ccc6ad5b689.json

Administrator: Yes

 

-Software Information-

Version: 3.2.2.2018

Components Version: 1.0.212

Update Package Version: 1.0.3036

License: Premium

 

-System Information-

OS: Windows 10 (Build 15063.674)

CPU: x64

File System: NTFS

User: System

 

-Exploit Details-

File: 0

(No malicious items detected)

 

Exploit: 1

Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

 

-Exploit Data-

Affected Application: Microsoft Office Word

Protection Layer: Malicious Memory Protection

Protection Technique: Exploit code executing from Heap memory blocked

File Name:

URL:

 

(end)”

 


 

 

 

Norton version 22.11.0.41 blocked FRST.exe and quarantined the app.

Filename: frst64.exe

The log text is as follows:
 


 

____________________________

Threat name: WS.Reputation.1

Full Path: d:\users\wayne\desktop\frst64.exe

____________________________

On computers as of: 10/17/2017 at 10:22:17 PM

Last Used: 10/17/2017 at 10:25:00 PM

Startup Item: No

Launched: No

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe

____________________________

frst64.exe Threat name: WS.Reputation.1

Very Few Users: Fewer than 5 users in the Norton Community have used this file.

Very New: This file was released less than 1 week ago.

Medium: This file risk is medium.

____________________________

Source: External Media

Source File: frst64.exe

____________________________

File Thumbprint - SHA: aedff39bc3034d9230cf9b0f4d4140711c6f1234a460a3096db222967e0e4d95

File Thumbprint - MD5: aa41f81121fe1daa59926bd883eafbc2

____________________________

 

 

However, I was able to take it out of quarantine (not thrilled about it, risk level duly noted) and run the app to provide results here.

 

Your help resolving this issue would be greatly appreciated.

Addition.txt

FRST.txt

logs.7z

mb-check-results.zip


This looks to be a conflict with Symantec. We will get this fixed in the product, but in the meantime you can perform the following to solve the issue:

  1. Open MB3
  2. Navigate to Settings -> Protection
  3. Click Advanced Settings
  4. Click the Advanced Memory Protection tab
  5. The first row should be titled Malicious Return Address Protection, uncheck the box in this row under MS Office
  6. Click Apply

Your programs should now run properly.


Thanks for the help! However, I may have spoken up too soon. Other than a few more restarts, I've done nothing else to the system other than create a new image backup and tweak a few settings that were changed after the update, which include:

Turned off Fast Start, enabled System Protection and created a restore point, tweaked some File Explorer settings, added takeownership for the context menu, turned off hardware updates through Windows Update, and changed some default apps. Why Windows resets these things with an update is beyond me.

Now, I doubt any of these tweaks fixed the issue, and it's possible Symantec updated in the background, but I felt compelled to report this to you.

Thanks again!

If there is anything I can do to help you, just let me know; I'd be more than happy to.

Consider this issue resolved.

Edited by owcraftsman

  • 1 month later...
On 12/6/2017 at 5:48 PM, Superowl said:

I had the same problem and received this error message.

I was able to "fix" it so that Office 365 is now usable with a fix I found in the forum where the same problem existed with Office 2016. This was the fix then and worked for me today, Dec 6, 2017.

 

On 12/7/2017 at 3:57 PM, Firefox said:

No need to disable any Anti-Exploit features now with the latest version... your screen shot shows version 3.0.6, which is outdated.

Download the Latest MB3 v3.3.1.2183 CU 1.0.262 from ->>RIGHT HERE<<-

Thanks to both of you for the replies. If there was a way to mark the post resolved I would have, or select the best answer or edit the OP, but sadly there isn't. I was aware the update resolved the issues. Thanks again!
