Jump to content

.xls macro triggers exploit after MBAM updated today

Recommended Posts

I have a number of .xls files that have macros.  Two of them are loaded at excel start-up.  Both were able to load with no complaints.  Today, MBAM did an update, and now both are being flagged, and it shuts down Excel immediately. 

I was able to get past the problem on the first xls file that loads (this is in my Xlstart folder), by adding it to the "Allow" list.   The first file (macros1opener.xls) opens macros1.xls.   Although I also added macros1.xls to the Allow list, it still triggered the "Exploit Office VBA Abuse" block. 

I have managed to override this by disabling Office VBA7 abuse protection.   A rather blunt instrument .

MBAM broke something with this last update.   Please help.


MBAM exploit VBA7 blocked.jpg

Link to post
Share on other sites


Until a staff member can respond, please post a copy of one of the reports showing the detection.  You should be able to find it by clicking on the Detection History area on the bottom left of the main UI, then selecting the History tab and selecting one of your recent reports for the exploit block and double-click it to open it and click the Export link at the bottom and either export it as text and attach the log to your next post, or select the option to copy it to your clipboard and paste it into your response.  The log should help them to determine precisely why this is being blocked and hopefully help to enable them to fix it.

It may also prove helpful to provide a set of diagnostic logs from the system.  To do so, please do the following:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply


Link to post
Share on other sites

Having the same issue, the "Recovery" option deletes all code without recourse, which is understandable but extremely annoying. If it will help:

  • Added two ActiveX command buttons, plus a macro module, and tested - all good
  • Realised I needed to change the name properties on both buttons, did so, added click events to the new names, no change to the macro code - all good
  • Realised I had a typo in one button name, changed again (both buttons now named cmb??????), no change to the macro code, added a click event - exploit warning


Link to post
Share on other sites

Until a member of the staff can respond, if you haven't done so already, please try restoring Exploit Protection to its default settings by following the instructions in this post:

Please let us know if that eliminates the blocks or not.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.