Malware.Exploit.Agent.Generic

[nigel1952]

I have one PC that detects Malware.Exploit.Agent.Generic when a PDF is opened.

 

other machines on the network same version of cloud.malwarebytes are happy to allow them to open

 

running a scan doesn't detect anything

[vbarytskyy]

@nigel1952

Is it possible that this user has an extension in Adobe Reader (or whatever software is being used)? Typically issues like this originate from a bad extension that may be trying to do something with the file.

If you can get us a sample logs, I can definitely take a look.

From the machine having this issue, do the following: 

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
• Click the Gather Logs button
  
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
  • In a domain environment, the zip file may get moved to the admin's Desktop. If the zip file is not seen on the Desktop of the logged in user, check user profile of the admin

Thank you

[nigel1952]

On 8/13/2018 at 4:49 PM, vbarytskyy said:

@nigel1952

Is it possible that this user has an extension in Adobe Reader (or whatever software is being used)? Typically issues like this originate from a bad extension that may be trying to do something with the file.

If you can get us a sample logs, I can definitely take a look.

From the machine having this issue, do the following: 

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
• Click the Gather Logs button
  
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
  • In a domain environment, the zip file may get moved to the admin's Desktop. If the zip file is not seen on the Desktop of the logged in user, check user profile of the admin

Thank you

 

mbst-grab-results.zip

[vbarytskyy]

Hello @nigel1952,

I am getting this looked in. While we are looking over the provided logs, you may disable the protection layer causing this issue so users can open PDF's properly. 

In the Malwarebytes Cloud console: 

1. Go to Settings > Policies
2. Select your policy > under "Windows" select Settings
3. Under "Real-Time Protection" select Advanced Settings
4. Click the "Advanced Memory Protection" tab and uncheck "Memory Patch Hijack Protection" under PDF Reader
   1.