Jump to content
TigerByte

blocking java

Recommended Posts

I have a legitimate software that uses JAVA, and I've been using it for a couple of years. All of a sudden, on 12 September, MalwareBytes started blocking it. I added the following to the exclusions but that did not help:

C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe

C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe

C:\Program Files (x86)\Java\jre1.8.0_211\bin\jjs.exe

Any suggestions would be much appreciated.

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Greetings,

Depending on the type of detection and the module that is detecting your application, you may need to change settings in Malwarebytes to allow the application to function without being blocked.  Since you mentioned Java, I suspect it could be one of the shields in Exploit Protection blocking it which means normal exclusions would not allow the program to execute.  If you would, please post a screen shot of the detection from Malwarebytes or one of the reports from Malwarebytes showing the detection/block event as that will help us to determine exactly what was blocked and why.  You should be able to find the reports in Malwarebytes under the Reports tab.  You can find instructions on how to do so in this support article.

Thanks

Edited by AdvancedSetup
updated link

Share this post


Link to post
Share on other sites

Thanks, as I suspected, it is the Exploit Protection component blocking your application.  Please use the 'Export' option and select 'Copy to Clipboard' and then paste it into your reply and we'll take a look at exactly what it is detecting and we should be able to get a member of Research to assist, hopefully with fixing the detection assuming it's a false positive (which it sounds like it is).

In the meantime, I'll also request that one of the forum admins moves this topic over to our Exploit Protection false positives area so that the Research team will see it and can help you to address the issue.

Share this post


Link to post
Share on other sites

Exile360, Here's the report: thank you, again. 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/11/19
Protection Event Time: 6:02 AM
Log File: 3874eb4b-ec0e-11e9-8cec-480fcf51dff9.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.12855
License: Premium

-System Information-
OS: Windows 10 (Build 17763.775)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Java malicious inbound socket detected
File Name: 
URL: 

 

(end)

Share this post


Link to post
Share on other sites

Hi TigerByte,

Thank you for reporting the issue. We will be able to further assist you after looking at the logs.

Here are the steps for taking logs. Kindly follow steps 4 and 5 and post the logs here.

Thanks.

Share this post


Link to post
Share on other sites

Hi TigerByte,

Can you deselect this setting "Java Malicious Inbound Shell Protection" under the Protection Tab -> Real-Time Protection -> Advanced Settings -> Java Protection Tab and click Apply.

image.png.299d1c8b6f48fad3e207c31fd56f39b8.png

 

Let me know if this solves the issue for you. It is safe to turn off this setting.

Share this post


Link to post
Share on other sites

This appears to have solved the problem. I'll find out for sure Monday morning. 

Thank you very much for your help.

Share this post


Link to post
Share on other sites

Thanks for confirming and we are glad to help. Appreciate the quick response. Let us know if you face any further issues. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.