Jump to content

Word (Grammarly)


HMishkoff
 Share

Recommended Posts

Malwarebytes is not letting me load Word -- the problem seems to be with the Grammarly add-on to Word. (Error message attached.) Looking through the forum archives, I see that this has been an issue before -- but I can't determine if it's a known current issue because the forum's search function is not working. :(

Does this sound like a Malwarebytes problem or a Word/Grammarly problem? Is there a workaround, or do I just have to wait for somebody to fix the problem and issue an update?

Malwarebytes-Word-Grammarly.txt

Link to post
Share on other sites

  • 1 year later...

I see that this thread is old but I have a user that can not work in Word because Malware Bytes  is closing it down saying there is a "Malware exploit Agent" C:\Users\robert\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.8.261.exe

Any assistance would be appreciated.

Thanks 

Link to post
Share on other sites

Greetings,

It sounds like Malwarebytes is blocking a Grammarly update installer based on the detection details you posted.  Until a member of Research can respond, I'd recommend having the user temporarily disable Exploit Protection, then launching Word to allow the Grammarly update installer to launch and complete, then re-enabling Exploit Protection and hopefully that will correct the issue.

  • To do so, have the user right-click the Malwarebytes tray icon in the notification area near the system clock, then have them click where it says Exploit Protection: On
  • Have them click Yes if prompted by User Account Control
  • Then have them run Word and give it a minute for Grammarly to finish updating
  • Once that is done, have the user re-enable Exploit Protection by repeating the process, this time when they click they will select Exploit Protection: Off and doing so will turn it back on again

I hope this helps.

Link to post
Share on other sites

Really appreciate the quick reply,

The system in question is in a managed environment. I can log in to my Malware Bytes cloud and manage that but I am unsure where the settings are to allow the update and Grammarly to run.

I was also unsure if it was a false positive.

Link to post
Share on other sites

You would have to find the setting to disable Exploit Protection which should be located under Policies>policy applied to the endpoint with the detection>Windows tab>Settings tab>Real-Time Protection and you should see a toggle there to the right of where it says Exploit Protection to turn it off, then apply the policy update to the endpoint; just remember to re-enable it and to apply the policy to do so once the update completes, assuming you do decide to go that route.  Details on the settings in question can be found in this support article.

That said, if you're not confident that it actually is a false positive, just wait for a member of Research to respond, and in the meantime, if you can get that file: C:\Users\robert\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.8.261.exe and upload it to VirusTotal.com for analysis and post back the link from the VirusTotal scan here, that can help to expedite the process for Research to verify whether or not it is an FP.

Thanks

Link to post
Share on other sites

  • 4 weeks later...

Thank you. I also opened a case with Grammarly because I noticed that all the past files in that directory are numbered but this is the only one that does not have .## which I thought was strange and I also asked them what these files are used for as it appears Grammarly may be collecting some type of data on my account which I may or may not be okay with them collecting.

Link to post
Share on other sites

  • 3 weeks later...
  • 2 months later...

This one?

******************

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/19/21
Protection Event Time: 3:11 PM
Log File: 4da5c860-197d-11ec-abeb-00ffe99b11d8.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45124
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\WScript.Shell, Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office VBE7 object abuse blocked
File Name: C:\WINDOWS\system32\WScript.Shell
URL: 

(end)

*********************

 

Link to post
Share on other sites

1 hour ago, yuriygudz1961 said:

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office VBE7 object abuse blocked
File Name: C:\WINDOWS\system32\WScript.Shell

Uncheck the following in advanced exploit settings. Then clock apply.

image.png.47ffee5694608d44c11430bd825b9f1e.png

Edited by Porthos
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.