Jump to content

Malwarebytes Anti-Exploit 1.12 Build 137 is blocking PowerShell


Recommended Posts

  • Staff

Hi soooner,

Can you please post some logs, we can take a look at it immediately. Thanks.

ZIP the entire contents (ALL the files, not just .LOG) of the MBAE user data directory and attach them to your post. The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it. If you are replying to someone else's post, you can click the "More reply options" button at the end of the page to get the file attachment options. You can find the logs in the following locations:

  1. Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
  2. Vista, Windows 7 and Windows 8: C:\ProgramData\Malwarebytes Anti-Exploit
Link to post
Share on other sites

Hi everyone,

Same issue here.

When I turned my computer on this morning, I get the same message as sooner. I'm not running any special script at boot.

I can't run Powershell either.

Same issue appeared on both my computers.

I just registered specifically to add this.

I won't post any log unless you ask for it.

Windows 10 Pro b1809 17763.107

Kind regards.

Link to post
Share on other sites

This issue actually started in Sorry for not reporting it sooner. I thought this was caused by MBAE becoming a bit more unforgiving after the new chromium based browsers protection with the clever tricks I am using in my project to spawn an elevated Command Prompt from a standard one passing a parameter in the process to "transfer" a variable in the elevated context if UAC prompt is accepted and keep the standard cmd open waiting for user action even after the elevated cmd finishes and it is closed. I use Powershell to accomplish all this.

Elevated cmd spawn calls with a variable value as parameter



Code that runs with admin rights:


It first receives the variable from the standard user context before proceeding any further.


Link to post
Share on other sites

Is anyone here having powershell blocked in the background without trying to run powershell? Windows 10 started running a powershell test script in the background a few months back. I believe this script is used by Windows to check to see whether the user is running AppLocker, or not. This script gets blocked many times per day by AppGuard.

Here is the script being blocked by AppGuard. This image from AppGuard Activity Report shows a little information about the script.

powershell policy script.jpg

Link to post
Share on other sites

Another powershell script that runs in the background on many Windows 10 installations is used to disable Legacy versions of SMB. You can see this script captured below taken from ERP 's log file. This script has also ran over, and over again since it can not complete due to being blocked by AppGuard. I'm curious whether MBAE build 137 was blocking this script as well. I have not checked to see if this is the case since I have been using Malwarebytes Antimalware the last 3 weeks. I hope the log info below is helpful.


Date/Time: 2018-11-16 21:51:29.424
Action:  Allow/Known Safe Process
PID: 5504
Process Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Command Line: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
Parent: C:\Windows\System32\svchost.exe
Parent SHA1: B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
Parent Signer: Microsoft Windows Publisher
Expression: -
Category: -
Integrity Level: System
System File: True



Link to post
Share on other sites

Latest .139 has fixed problem on laptop running Windows 7 Home Premium 64x. There was no problem on other laptop same OS. Had performed a factory reset and rebuild on first laptop a couple of months ago so this may have been the cause. Belarc Advisor caused the Power Shell problem.

Thanks and regards from 'Down Under''. ?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.