Jump to content
abustraan

Excluding False Exploit Detection

Recommended Posts

Whenever I try and run any of the functions such as Shutdown, WOL, Open C$ Via Lansweeper I get an exploit blocked/quarantined warning from Malwarebytes.

I tried to create an exclusion, but when I attempt to specify the exclusion for exploit detection, the box is greyed out.

Any thoughts?

 

Exclusion.PNG

Quarantine.PNG

Share this post


Link to post
Share on other sites

You need to do this from the policy itself. Go to the policy, under the Windows tab, then settings, then Advanced Settings, see my example screen shot below. Then be sure that you turn the toggle switch off for that application. 

 

image.thumb.png.f6ddc0084fdd57043507ebe1528a9a59.png

Share this post


Link to post
Share on other sites

Exclusions also work differently for Exploit Protection.  You must exclude based on the detected exploit itself, not the executable.  According to the documentation found here exclusions for Exploit Protection require the MD5 hash of the detected exploit, not the file/path.  This is because Exploit Protection works differently from the other protection components where it looks at application behavior, scripts, individual threads in memory and other factors to make its detections and doesn't just look at individual specific files or processes, so its exclusions work quite differently from the way they do for other modules as well.

I hope this helps, but please let us know if you continue to have any trouble with the feature.  In the meantime you may also report any false positives from Exploit Protection to Malwarebytes Support or directly to the Malwarebytes Research team here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.