Jump to content

Exploit Blocked - Excel.exe. False Positive?


Recommended Posts

This started to occur yesterday mid-morning. It seems isolated to the few remaining Windows 7 workstations still in the environment (or at the least, no Win 10 box has had it happen)... 

The workstations seeing this do not have any shared file in common that they all may have opened (the affected are among a couple of different divisions), and all of the workstations scan clean and Im told they have nothing surprising in the Event Viewer logs. 

 

I was wondering if anyone else was experiencing this, or if this might be a known false positive; I know there are a few people with issues of Anti Exploit blocking Excel from launching, and wasnt sure if this might be a wider reaching issue. The email notice is:

 

Exploit attempt blocked BLOCK                   staffda  Microsoft Office Excel    C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE               Attacked application: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE; Parent process name: ; Layer: Application Behavior Protection; API ID: 900; Address: ; Module: ; AddressType: ; StackTop: ; StackBottom: ; StackPointer: ; Extra:

 

Thanks!

Link to post
Share on other sites

Hi @billmobile1,

Thank you for reporting the issue. We will be able to further assist you after looking into the logs.

Here are the steps for taking the logs. Please post them in your next reply.

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

    mbst_get_started.jpg
     
  7. Click the Gather Logs button

    mbst_advanced_gather_logs.jpg
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer

    mbst_getting_logs.jpg
     
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

    mbst_log_saved_desktop.jpg
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
Link to post
Share on other sites
  • 9 months later...

Greetings,

Please do the following and let us know if it helps or not:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.