Jump to content

Exploit memory HeapSpray attempt blocked - Internet Explorer

Recommended Posts

We just rolled out the last Anti-Exploit Version: to our test Endpoints

One of the Clients (windows-10 virtual machine) got this alert-message as soon as he tries to open Internet Explorer.



Malwarebytes management server emailed over a notice about this alert every times the client tries to open IE.

Below is the alert-message from Server and attached are the MBAE Logs from that VM.


Malwarebytes Management Server Notification


Alert Time: 22.05.2019 10:29:46

Server Hostname: *****

Server Domain/Workgroup: ****


Exploit threat detected, see details below:


22.05.2019 10:28:02     VM****     Exploit memory HeapSpray attempt blocked     BLOCK       user    Internet Explorer C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   Attacked application: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE; Parent process name: iexplore.exe; Layer: Application Hardening; API ID: 900; Address: 0x0D0D78D0; Module: ; AddressType: ; StackTop: 0x0B200000; StackBottom: 0x0B1F2000; StackPointer: ; Extra:

Total count: 1.


Could someone tell me what the anti-exploit took exception to? 

Thanks in advance for your help.


Share this post

Link to post
Share on other sites

Hello Muciqi,

I just wanted to reach out and let you know I will be creating a case on your behalf and and sending a follow up so we can help answer and resolve this.

Warm Regards,

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.