Hello, all. In the process of making my first route on Trainz using TransDEM, and have followed all the steps in the tutorial, up to the point where I need to open Java OpenStreet Map (JOSM). This, however, is where I ran into an issue, as Malwarebytes is blocking it, saying it's an exploit. Even putting the .jar file on the allow list did not solve this issue.

Here is the report below

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/20/20
Protection Event Time: 3:44 PM
Log File: e46b0fba-e325-11ea-8374-1c1b0d44956b.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.1003
Update Package Version: 1.0.28789
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Users\Chase Ford\Documents\powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https:\roottest-g2.pkioverheid.nl').GetResponse(), Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Users\Chase Ford\Documents\powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https:\roottest-g2.pkioverheid.nl').GetResponse()
URL:

(end)


  • Staff

Greetings,

Until a member of the staff can respond and address the FP, you will likely need to disable one of the settings for blocking Java exploits in Malwarebytes.  To do so, open Malwarebytes and access settings by clicking the small gear icon in the upper right, then navigate to the Security tab and locate the Exploit Protection section near the bottom, then click the Advanced settings button, then click the Java protection tab on the right (you can click the arrow displayed at the top right of the tabs to scroll over the list of tabs if you don't see the Java protection tab), then uncheck the checkbox next to one of the options and click Apply, then try to load your Java application again to see if it now works.  If it does not, then re-check the box next to the item you previously disabled to re-enable it, then uncheck the box next to the next item in the Java protection tab and once more click Apply and try your Java application again to see if it is allowed to run and repeat the process until you find the correct option which allows the Java app to run.

Optionally, you may temporarily disable Exploit Protection by right-clicking the Malwarebytes tray icon and clicking on Exploit Protection: On and clicking Yes to the UAC prompt, then run your Java app and re-enable Exploit Protection once you are done to resume protection.

I hope this helps.


8 minutes ago, exile360 said:

Greetings,

Until a member of the staff can respond and address the FP, you will likely need to disable one of the settings for blocking Java exploits in Malwarebytes.  To do so, open Malwarebytes and access settings by clicking the small gear icon in the upper right, then navigate to the Security tab and locate the Exploit Protection section near the bottom, then click the Advanced settings button, then click the Java protection tab on the right (you can click the arrow displayed at the top right of the tabs to scroll over the list of tabs if you don't see the Java protection tab), then uncheck the checkbox next to one of the options and click Apply, then try to load your Java application again to see if it now works.  If it does not, then re-check the box next to the item you previously disabled to re-enable it, then uncheck the box next to the next item in the Java protection tab and once more click Apply and try your Java application again to see if it is allowed to run and repeat the process until you find the correct option which allows the Java app to run.

Optionally, you may temporarily disable Exploit Protection by right-clicking the Malwarebytes tray icon and clicking on Exploit Protection: On and clicking Yes to the UAC prompt, then run your Java app and re-enable Exploit Protection once you are done to resume protection.

I hope this helps.

That did the trick. Disabling "Prevent web-based Java command line operations" has allowed me access. Thanks!


  • Staff

Excellent, I'm glad that it helped :) 

By the way, just FYI, at the request of another user, I will be submitting a request to the Product team to make excluding items/individual scripts (such as your detected .JAR file) from Exploit Protection easier and more intuitive, similar to how objects may currently be excluded from the other protection modules (though it is possible that the behavior-based detection methods used by Exploit Protection make it too difficult or impossible to implement such an exclusion function, since technically it is actually detecting the behavior of the process, not really the script/.JAR file itself, but that's for Malwarebytes' Developers to figure out).

Edited by exile360
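
The report in the first post shows the behaviour-based nature of the detection: its Exploit Data section names Java as the affected application and a powershell command line as the blocked process, not the .jar. An added example (not part of the thread and not Malwarebytes code) that pulls those fields out of the text report for false-positive triage; the sample input is constructed from that report with the user name replaced, and the function names and the list of script hosts are assumptions.

```python
import re

# Constructed sample: two sections of the report from the first post,
# with the Windows user name replaced by a placeholder.
REPORT = r"""-Software Information-
Version: 4.1.0.56

-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Users\<user>\Documents\powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https:\roottest-g2.pkioverheid.nl').GetResponse()
URL:
"""

# Assumed list of script hosts worth flagging when an application starts them.
SCRIPT_HOSTS = r"powershell|pwsh|cmd|wscript|cscript|mshta"


def parse_report(text):
    """Split the text report into {section name: {key: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"-(.+)-", line.strip())
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return sections


def triage(text):
    """Summarise which application started which process and what it contacted."""
    data = parse_report(text).get("Exploit Data", {})
    cmd = data.get("File Name", "")
    child = re.search(rf"[\\/]({SCRIPT_HOSTS})(?:\.exe)?(?=\s|$)", cmd, re.I)
    return {
        "parent": data.get("Affected Application"),
        "layer": data.get("Protection Layer"),
        "technique": data.get("Protection Technique"),
        "child": child.group(1).lower() if child else None,
        # The report shows the URL with a backslash, so accept either separator.
        "hosts": re.findall(r"https?:[\\/]+([\w.-]+)", cmd),
    }


if __name__ == "__main__":
    for field, value in triage(REPORT).items():
        print(f"{field}: {value}")
```
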