Jump to content

Malwarebytes blocking excel


Differentunic
 Share

Recommended Posts

I made an excel spreadsheet that malwarebytes blocks due to an "exploit". All I do to get this is click on a hyperlink.

Here is the report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/11/20
Protection Event Time: 8:47 PM
Log File: beb3c3f8-9374-11ea-a1af-6c2b5977f5e7.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23664
License: Premium

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\, Blocked, 0, 392684, 0.0.0

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\
URL: 

(end)

Link to post
Share on other sites

  • 1 month later...

I'm having the same issue but that box is not checked.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/25/20
Protection Event Time: 4:04 PM
Log File: 7ff0e2aa-b727-11ea-b2db-c03fd55d83e6.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26019
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE, Blocked, 0, 392685, 0.0.0


(end)

Link to post
Share on other sites

Log File:  1B7 4BFD6-BA38-11EA-930E-9CB654F6DB5CJ

System Info:  Wind10 (Build 18362.900)

CPU:  X64

File System Type: NTFS

User:  System

Software Info: Version 4.1.0.56

Component Package Version:  1.0.955

Update Package Version:  1.0.26157

Thank You!!

 

Link to post
Share on other sites

Same here, Excel just blocked, log file attached

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/30/20
Protection Event Time: 3:38 PM
Log File: 53ab7fa0-badf-11ea-974a-b42e99339a53.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26199
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Blocked, 0, 392685, 0.0.0


(end)

mbae-default.log

Link to post
Share on other sites

  • 4 months later...

I've been getting this block as wel for a week or so. Here are the settings and the log.

image.png.f316b0a69469544136ad59036b8cbbaa.png

Malwarebytes
www.malwarebytes.com

-Logoplysninger-
Dato for beskyttelseshændelse: 04.11.2020
Tidspunkt for beskyttelseshændelse: 09.16
Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json

-Softwareoplysninger-
Version: 4.2.2.95
Komponentversion: 1.0.1096
Opdatér pakkeversion: 1.0.32464
Licens: Premium

-Systemoplysninger-
OS: Windows 10 (Build 18362.1139)
CPU: x64
Filsystem: NTFS
Bruger: System

-Oplysninger om udnyttelse-
Fil: 0
(Ingen skadelige elementer registreret)

Udnyttelse: 1
Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , 

-Data for udnyttelse-
Berørt program: Microsoft Office Excel
Beskyttelseslag: Application Behavior Protection
Beskyttelsesteknik: Exploit payload macro process blocked
Filnavn: 
URL-adresse: 

(end)

Link to post
Share on other sites

17 minutes ago, jozefvl said:

I've been getting this block as wel for a week or so. Here are the settings and the log.

image.png.f316b0a69469544136ad59036b8cbbaa.png

Malwarebytes
www.malwarebytes.com

-Logoplysninger-
Dato for beskyttelseshændelse: 04.11.2020
Tidspunkt for beskyttelseshændelse: 09.16
Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json

-Softwareoplysninger-
Version: 4.2.2.95
Komponentversion: 1.0.1096
Opdatér pakkeversion: 1.0.32464
Licens: Premium

-Systemoplysninger-
OS: Windows 10 (Build 18362.1139)
CPU: x64
Filsystem: NTFS
Bruger: System

-Oplysninger om udnyttelse-
Fil: 0
(Ingen skadelige elementer registreret)

Udnyttelse: 1
Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , 

-Data for udnyttelse-
Berørt program: Microsoft Office Excel
Beskyttelseslag: Application Behavior Protection
Beskyttelsesteknik: Exploit payload macro process blocked
Filnavn: 
URL-adresse: 

(end)

Oh well, updating Windows has made this problem go away

Link to post
Share on other sites

19 hours ago, Arthi said:

Hi All,

Can you make sure that "Block penetration testing attacks" setting is also turned OFF. You can find it near the Advanced Exploit Settings button.

Thanks.

That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer?

Link to post
Share on other sites

8 minutes ago, Ermath said:

That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer?

That particular setting isn't really a protection from actual in-the-wild threats.  Penetration testing attacks are tools and methods used by professional white hat infiltrators which simulate attacks but aren't actual threats and this setting is specifically used for the purpose of detecting their tools and methods so it isn't going to guard against any real attacks or infections (this is also why it is configured to be off by default).

  • Thanks 1
Link to post
Share on other sites

  • 1 year later...

I started having this same issue with Excel today - I used it with no issues all day yesterday but today I cannot even get it to let me make any changes to the cells except type an original value, but I try to change the format in anyway it closes Excel and any work done is lost.  So very frustrating.  The fixes mentioned in this thread have been tried and not worked.  I however, cannot find the "Block Penetration Testing Attacks" button anywhere.

Link to post
Share on other sites

1 minute ago, Lynnette said:

Thank you.  I did that from an earlier thread but it does not work.

Then I need the log showing the block.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

Thank you

Link to post
Share on other sites

Here you go:  This is just one of the RTP detections.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/24/22
Protection Event Time: 11:14 AM
Log File: 4236af00-9595-11ec-affe-70bc107260c6.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.51607
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1526)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, explorer.exe, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office WMI abuse blocked
File Name: explorer.exe
URL:

 

(end)

Let me know what else is needed.  Also, I am in the middle of a big project so to fix the issue temporarily I turned off the protection for Excel and it is working fine but then it is not protected.

Thank you.

Lynnette

Link to post
Share on other sites

Here you go:  This is just one of the RTP detections.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/24/22
Protection Event Time: 11:14 AM
Log File: 4236af00-9595-11ec-affe-70bc107260c6.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.51607
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1526)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, explorer.exe, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office WMI abuse blocked
File Name: explorer.exe
URL:

 

(end)

Let me know what else is needed.  Also, I am in the middle of a big project so to fix the issue temporarily I turned off the protection for Excel and it is working fine but then it is not protected.

Thank you.

Lynnette

Link to post
Share on other sites

8 minutes ago, Lynnette said:

Let me know what else is needed.

After you finish your project and have an opportunity,

Please do the following Uninstall and reinstall using the Malwarebytes Support Tool

Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

Please say no and close the X button on the top right for Privacy.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.