Jump to content

False positive wscript.exe


Recommended Posts

We have had several machines producing alerts for wscript.exe on documents that do not contain an exploit. I can get you log files if needed. 

Here is the content of the alert email:

Exploit code executing from Heap memory blocked          BLOCK                   SYSTEM Wscript.exe                C:\WINDOWS\System32\Wscript.exe     Attacked application: C:\WINDOWS\System32\Wscript.exe; Parent process name: svchost.exe; Layer: Malicious Memory Protection; API ID: 301; Address: 0x7FC8038F; Module: ; AddressType: 0x00020000; StackTop: 0x7BD90000; StackBottom: 0x7BD88000; StackPointer: 0x7BD8DFA8; Extra:


Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Hi All,

yes, We do have a newer version of Anti-Exploit that fixes this issue. It will be released in Malwarebytes end of this month. Until then, you can disable Exploit Protection in Malwarebytes and install the below tool in parallel. Starting February, you can uninstall this tool and enable Exploit protection back in Malwarebytes when this fix will be rolled over.


Let me know if you have any questions. Thanks.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.