Differentunic Posted May 11, 2020 ID:1380459 Share Posted May 11, 2020 I made an excel spreadsheet that malwarebytes blocks due to an "exploit". All I do to get this is click on a hyperlink. Here is the report: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/11/20 Protection Event Time: 8:47 PM Log File: beb3c3f8-9374-11ea-a1af-6c2b5977f5e7.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.896 Update Package Version: 1.0.23664 License: Premium -System Information- OS: Windows 10 (Build 18362.778) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\, Blocked, 0, 392684, 0.0.0 -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\ URL: (end) Link to post Share on other sites More sharing options...
Staff Arthi Posted May 12, 2020 Staff ID:1380702 Share Posted May 12, 2020 Hi Differentunic, Thanks for posting. Can you try turning off the setting marked in red. Thanks. Link to post Share on other sites More sharing options...
Differentunic Posted May 12, 2020 Author ID:1380706 Share Posted May 12, 2020 It worked, there aren't anymore notifications, thanks. Link to post Share on other sites More sharing options...
Jeff169 Posted June 29, 2020 ID:1390975 Share Posted June 29, 2020 I'm having the same issue but that box is not checked. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/25/20 Protection Event Time: 4:04 PM Log File: 7ff0e2aa-b727-11ea-b2db-c03fd55d83e6.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26019 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE, Blocked, 0, 392685, 0.0.0 (end) Link to post Share on other sites More sharing options...
MMCI3600 Posted June 29, 2020 ID:1390989 Share Posted June 29, 2020 Me too and my checkbox isn't checked either. Link to post Share on other sites More sharing options...
Staff Arthi Posted June 29, 2020 Staff ID:1390993 Share Posted June 29, 2020 Hi, Thanks for reporting. Can one of you send us this log file, we will take a look. C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log Thank you. Link to post Share on other sites More sharing options...
MMCI3600 Posted June 30, 2020 ID:1391125 Share Posted June 30, 2020 Log File: 1B7 4BFD6-BA38-11EA-930E-9CB654F6DB5CJ System Info: Wind10 (Build 18362.900) CPU: X64 File System Type: NTFS User: System Software Info: Version 4.1.0.56 Component Package Version: 1.0.955 Update Package Version: 1.0.26157 Thank You!! Link to post Share on other sites More sharing options...
SolveMyProblemUK Posted June 30, 2020 ID:1391155 Share Posted June 30, 2020 Same here, Excel just blocked, log file attached Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/30/20 Protection Event Time: 3:38 PM Log File: 53ab7fa0-badf-11ea-974a-b42e99339a53.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26199 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Blocked, 0, 392685, 0.0.0 (end) mbae-default.log Link to post Share on other sites More sharing options...
jozefvl Posted November 4, 2020 ID:1418362 Share Posted November 4, 2020 I've been getting this block as wel for a week or so. Here are the settings and the log. Malwarebytes www.malwarebytes.com -Logoplysninger- Dato for beskyttelseshændelse: 04.11.2020 Tidspunkt for beskyttelseshændelse: 09.16 Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json -Softwareoplysninger- Version: 4.2.2.95 Komponentversion: 1.0.1096 Opdatér pakkeversion: 1.0.32464 Licens: Premium -Systemoplysninger- OS: Windows 10 (Build 18362.1139) CPU: x64 Filsystem: NTFS Bruger: System -Oplysninger om udnyttelse- Fil: 0 (Ingen skadelige elementer registreret) Udnyttelse: 1 Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , -Data for udnyttelse- Berørt program: Microsoft Office Excel Beskyttelseslag: Application Behavior Protection Beskyttelsesteknik: Exploit payload macro process blocked Filnavn: URL-adresse: (end) Link to post Share on other sites More sharing options...
jozefvl Posted November 4, 2020 ID:1418365 Share Posted November 4, 2020 17 minutes ago, jozefvl said: I've been getting this block as wel for a week or so. Here are the settings and the log. Malwarebytes www.malwarebytes.com -Logoplysninger- Dato for beskyttelseshændelse: 04.11.2020 Tidspunkt for beskyttelseshændelse: 09.16 Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json -Softwareoplysninger- Version: 4.2.2.95 Komponentversion: 1.0.1096 Opdatér pakkeversion: 1.0.32464 Licens: Premium -Systemoplysninger- OS: Windows 10 (Build 18362.1139) CPU: x64 Filsystem: NTFS Bruger: System -Oplysninger om udnyttelse- Fil: 0 (Ingen skadelige elementer registreret) Udnyttelse: 1 Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , -Data for udnyttelse- Berørt program: Microsoft Office Excel Beskyttelseslag: Application Behavior Protection Beskyttelsesteknik: Exploit payload macro process blocked Filnavn: URL-adresse: (end) Oh well, updating Windows has made this problem go away Link to post Share on other sites More sharing options...
Ermath Posted November 7, 2020 ID:1419211 Share Posted November 7, 2020 Could it be related to OneDrive? I had a sheet in OneDrive, and even after updating everything, Excel was still blocked. Then I moved the sheet from OneDrive to Dropbox, and bingo, it worked. Link to post Share on other sites More sharing options...
Staff Arthi Posted November 7, 2020 Staff ID:1419254 Share Posted November 7, 2020 Hi All, Can you make sure that "Block penetration testing attacks" setting is also turned OFF. You can find it near the Advanced Exploit Settings button. Thanks. 1 Link to post Share on other sites More sharing options...
Ermath Posted November 8, 2020 ID:1419394 Share Posted November 8, 2020 19 hours ago, Arthi said: Hi All, Can you make sure that "Block penetration testing attacks" setting is also turned OFF. You can find it near the Advanced Exploit Settings button. Thanks. That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer? Link to post Share on other sites More sharing options...
exile360 Posted November 8, 2020 ID:1419397 Share Posted November 8, 2020 8 minutes ago, Ermath said: That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer? That particular setting isn't really a protection from actual in-the-wild threats. Penetration testing attacks are tools and methods used by professional white hat infiltrators which simulate attacks but aren't actual threats and this setting is specifically used for the purpose of detecting their tools and methods so it isn't going to guard against any real attacks or infections (this is also why it is configured to be off by default). 1 Link to post Share on other sites More sharing options...
Lynnette Posted February 24, 2022 ID:1504202 Share Posted February 24, 2022 I started having this same issue with Excel today - I used it with no issues all day yesterday but today I cannot even get it to let me make any changes to the cells except type an original value, but I try to change the format in anyway it closes Excel and any work done is lost. So very frustrating. The fixes mentioned in this thread have been tried and not worked. I however, cannot find the "Block Penetration Testing Attacks" button anywhere. Link to post Share on other sites More sharing options...
Porthos Posted February 24, 2022 ID:1504208 Share Posted February 24, 2022 3 minutes ago, Lynnette said: I however, cannot find the "Block Penetration Testing Attacks" button anywhere. Go to security and advanced exploit settings and click restore defaults and apply. Link to post Share on other sites More sharing options...
Lynnette Posted February 24, 2022 ID:1504216 Share Posted February 24, 2022 Thank you. I did that from an earlier thread but it does not work. Link to post Share on other sites More sharing options...
Porthos Posted February 24, 2022 ID:1504217 Share Posted February 24, 2022 1 minute ago, Lynnette said: Thank you. I did that from an earlier thread but it does not work. Then I need the log showing the block. You can find Scan and Protection logs within the Malwarebytes 4 program in the following location RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged If you click on the View option you should get something similar to the following with other options available. Thank you Link to post Share on other sites More sharing options...
Lynnette Posted February 24, 2022 ID:1504220 Share Posted February 24, 2022 Here you go: This is just one of the RTP detections. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/24/22 Protection Event Time: 11:14 AM Log File: 4236af00-9595-11ec-affe-70bc107260c6.json -Software Information- Version: 4.5.4.168 Components Version: 1.0.1599 Update Package Version: 1.0.51607 License: Premium -System Information- OS: Windows 10 (Build 19044.1526) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, explorer.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: explorer.exe URL: (end) Let me know what else is needed. Also, I am in the middle of a big project so to fix the issue temporarily I turned off the protection for Excel and it is working fine but then it is not protected. Thank you. Lynnette Link to post Share on other sites More sharing options...
Lynnette Posted February 24, 2022 ID:1504221 Share Posted February 24, 2022 Here you go: This is just one of the RTP detections. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/24/22 Protection Event Time: 11:14 AM Log File: 4236af00-9595-11ec-affe-70bc107260c6.json -Software Information- Version: 4.5.4.168 Components Version: 1.0.1599 Update Package Version: 1.0.51607 License: Premium -System Information- OS: Windows 10 (Build 19044.1526) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, explorer.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: explorer.exe URL: (end) Let me know what else is needed. Also, I am in the middle of a big project so to fix the issue temporarily I turned off the protection for Excel and it is working fine but then it is not protected. Thank you. Lynnette Link to post Share on other sites More sharing options...
Porthos Posted February 24, 2022 ID:1504230 Share Posted February 24, 2022 8 minutes ago, Lynnette said: Let me know what else is needed. After you finish your project and have an opportunity, Please do the following Uninstall and reinstall using the Malwarebytes Support Tool Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also. Once done it will attempt to reinstall both Malwarebytes and Privacy VPN. Please say no and close the X button on the top right for Privacy. Link to post Share on other sites More sharing options...
Lynnette Posted February 24, 2022 ID:1504234 Share Posted February 24, 2022 Thank you. I will give that a try later and let you know if it works. 1 Link to post Share on other sites More sharing options...
Staff Arthi Posted February 24, 2022 Staff ID:1504249 Share Posted February 24, 2022 Hi Lynette, You can also turn off "Office WMI abuse protection" for MS Office instead of turning off Excel protection itself. Thanks. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now