Jump to content

Privately written Word Macro keeps getting flagged.


Recommended Posts

I'm trying to run a home-rolled Macro for MS Word 2013 to automate including files of various types (.doc, pdf) into a document that I compose on a regular basis. Since installing Malwarebytes Endpoint Protection, the macro (and Word) keeps crashing when I try to run it. Stepping through the macro, I've discovered that it does so when trying to execute an Application.Run method. The Malwarebytes console indicates a Detection event with the following:

Detection Data  
Detection Name: Malware.Exploit.Agent.Generic
Action Taken: Blocked
Category: Exploit
Scanned At: 09/25/2019 - 10:51:04 AM
Reported At: 09/25/2019 - 10:51:58 AM
Type: Exploit
Endpoint: (edited)
Location: C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\mshta.exe C:\temp\radBD6DB.tmp.hta {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
Group Name: Default Group
Affected Applications: Microsoft Office Word

I've tried creating a Malwarebytes console exclusion using the hash data included in the Location information but no effect and (obviously) I don't want to create an exception for all Word macros. I've attached the script (with crash point noted as a comment) and temp file referenced. Any suggestions or additional information that might help resolve this? Given the number and position of files that are used in compiling the document it would be a pain to have to return to the manual method of doing so. Thanks.

NewMacros.bas.txt radBD6DB.tmp.hta.txt

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.