Jump to content

Malwarebytes blocking excel


Differentunic
 Share

Recommended Posts

I made an excel spreadsheet that malwarebytes blocks due to an "exploit". All I do to get this is click on a hyperlink.

Here is the report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/11/20
Protection Event Time: 8:47 PM
Log File: beb3c3f8-9374-11ea-a1af-6c2b5977f5e7.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.896
Update Package Version: 1.0.23664
License: Premium

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\, Blocked, 0, 392684, 0.0.0

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -- https:\www.carsales.com.au\
URL: 

(end)

Link to post
Share on other sites

  • 1 month later...

I'm having the same issue but that box is not checked.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/25/20
Protection Event Time: 4:04 PM
Log File: 7ff0e2aa-b727-11ea-b2db-c03fd55d83e6.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26019
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE, Blocked, 0, 392685, 0.0.0


(end)

Link to post
Share on other sites

Log File:  1B7 4BFD6-BA38-11EA-930E-9CB654F6DB5CJ

System Info:  Wind10 (Build 18362.900)

CPU:  X64

File System Type: NTFS

User:  System

Software Info: Version 4.1.0.56

Component Package Version:  1.0.955

Update Package Version:  1.0.26157

Thank You!!

 

Link to post
Share on other sites

Same here, Excel just blocked, log file attached

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/30/20
Protection Event Time: 3:38 PM
Log File: 53ab7fa0-badf-11ea-974a-b42e99339a53.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26199
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Blocked, 0, 392685, 0.0.0


(end)

mbae-default.log

Link to post
Share on other sites

  • 4 months later...

I've been getting this block as wel for a week or so. Here are the settings and the log.

image.png.f316b0a69469544136ad59036b8cbbaa.png

Malwarebytes
www.malwarebytes.com

-Logoplysninger-
Dato for beskyttelseshændelse: 04.11.2020
Tidspunkt for beskyttelseshændelse: 09.16
Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json

-Softwareoplysninger-
Version: 4.2.2.95
Komponentversion: 1.0.1096
Opdatér pakkeversion: 1.0.32464
Licens: Premium

-Systemoplysninger-
OS: Windows 10 (Build 18362.1139)
CPU: x64
Filsystem: NTFS
Bruger: System

-Oplysninger om udnyttelse-
Fil: 0
(Ingen skadelige elementer registreret)

Udnyttelse: 1
Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , 

-Data for udnyttelse-
Berørt program: Microsoft Office Excel
Beskyttelseslag: Application Behavior Protection
Beskyttelsesteknik: Exploit payload macro process blocked
Filnavn: 
URL-adresse: 

(end)

Link to post
Share on other sites

17 minutes ago, jozefvl said:

I've been getting this block as wel for a week or so. Here are the settings and the log.

image.png.f316b0a69469544136ad59036b8cbbaa.png

Malwarebytes
www.malwarebytes.com

-Logoplysninger-
Dato for beskyttelseshændelse: 04.11.2020
Tidspunkt for beskyttelseshændelse: 09.16
Logfil: 143609e4-1e76-11eb-a1d4-94659cceca3d.json

-Softwareoplysninger-
Version: 4.2.2.95
Komponentversion: 1.0.1096
Opdatér pakkeversion: 1.0.32464
Licens: Premium

-Systemoplysninger-
OS: Windows 10 (Build 18362.1139)
CPU: x64
Filsystem: NTFS
Bruger: System

-Oplysninger om udnyttelse-
Fil: 0
(Ingen skadelige elementer registreret)

Udnyttelse: 1
Malware.Exploit.Agent.Generic, , Blokeret, 0, 392684, 0.0.0, , 

-Data for udnyttelse-
Berørt program: Microsoft Office Excel
Beskyttelseslag: Application Behavior Protection
Beskyttelsesteknik: Exploit payload macro process blocked
Filnavn: 
URL-adresse: 

(end)

Oh well, updating Windows has made this problem go away

Link to post
Share on other sites

19 hours ago, Arthi said:

Hi All,

Can you make sure that "Block penetration testing attacks" setting is also turned OFF. You can find it near the Advanced Exploit Settings button.

Thanks.

That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer?

Link to post
Share on other sites

  • Staff
8 minutes ago, Ermath said:

That's the one preventing the opening of the Excel files. Switching it off fixed it -- even on OneDrive. But is the switching off of protection really the answer?

That particular setting isn't really a protection from actual in-the-wild threats.  Penetration testing attacks are tools and methods used by professional white hat infiltrators which simulate attacks but aren't actual threats and this setting is specifically used for the purpose of detecting their tools and methods so it isn't going to guard against any real attacks or infections (this is also why it is configured to be off by default).

  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.