Jump to content

How do you make MB obey its own Allow list?


Recommended Posts

I'm fuming a bit at MB's behaviour... (as a new MB user, but an old hand in matters IT, and an old-fashioned hand too I guess)

MB should be zealous in blocking stuff; that's what it's supposed to do
but I'm NOT HAPPY when it seemingly won't obey its own   Allow list

I have an app in Excel VBA which is required to validate UK PostCodes
The only way I have found todo it is by Reg Expression - like this

(?:(?:A[BL]|B[ABDHLNRST]?|C[ABFHMORTVW]|D[ADEGHLNTY]|E[CHNX]?|F[KY]|G[LUY]?|H[ADGPRSUX]|I[GMPV]|JE|K[ATWY]|L[ADELNSU]?|M[EKL]?|N[EGNPRW]?|O[LX]|P[AEHLOR]|R[GHM]|S[AEGKLMNOPRSTWY]?|T[ADFNQRSW]|UB|W[ACDFNRSV]?|YO|ZE)\d(?:\d|[A-Z])? \d[A-Z]{2})

MB decides it wants to block VBScript.dll as dangerous... OK It COULD be dangerous, sometimes, bit it's not when checking Postcodes
The error message says object creation failed.
Pre MB I've never had a problem.
I installed MB 2 days ago, and this happens on my first test where the RegEx is used.

So I added to the Allow list the XLSM macro file, its folder, and the full path to VbScript.DLL and configured MB to exclude from all detections

BUT it won't obey.
How do I make it compliant to get on with my testing?

Not happy

Spilly81

Link to post
Share on other sites

2 minutes ago, Spilly81 said:

How do I make it compliant to get on with my testing?

There are some issues with Excel and exploit protection. Use the following screenshots and restore exploit detection to default. If that does not work please do the following.

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  •  

2020-09-27_10h52_23.png

2020-09-27_10h53_06.png

Link to post
Share on other sites

I'm mightily impressed by the speed of response in this forum

This is only my 2nd thread; the response to my first was excellent, helpful and v informative

 

I've re-written an Excel Forms app, written in VBA.
I like to think I know my VBA pretty well, tho I'm still learning

The code fails on CreateObject for the RegExp object
I have the proper library refs all set in Tools/References - makes coding so much easier

Herewith the Zip file as requested

Spilly81

mbst-grab-results.zip

Link to post
Share on other sites

Unfortunately, exclusions in the allow list for Malwarebytes do not apply to Exploit Protection because of its behavior based nature and I suspect that this detection is due to one of its default protections.

Please open Malwarebytes and return to the Advanced settings for Exploit Protection then uncheck the box for Disable loading of VBScript libraries under the MS Office column then click Apply.  Wait about 20 seconds for the application to have a chance to refresh, then try executing your app again and see if it is still blocked or not.

Please let us know how it goes.

Thanks

Link to post
Share on other sites

@Spilly81 I do have a couple of suggestions.

Set updates back to the default hourly interval. Malwarebytes issues updates at least a dozen times a day.

Quote

Check for Updates Every:                                           360 Minutes

Quote

Fast Startup:                    On

I suggest turning off fast startup in Windows. Then restart.

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

Link to post
Share on other sites

Gotta say I'm impressed by the MB Support Tool
It's got all you need - Sys Analysis zipped up with a Get Out Of Jail Free card on top.


@Exile360
Unfortunately I played that card BEFORE reading your advice  😫
AND, on my own instinct and wanting to get on and not mess around, I've done a CLEAN too
So I'm settling for a Cleaned-No-MB system for a day or two. 

I will re-install and report back when my app runs cleanly in a non-MB environment.

I stumbled across the MSOffice VBScript switch late last night (it's 0630 here now) and turned it off
but, in ignorance of the mechanism, I didn't wait before my re-test, and so assumed that didn't work either


@Porthos
Your suggestion on fast startup suggests that MB is part of the kernel.
If that's the case, could you clarify what goes on, conceptually at least, please?
a few urls wd be OK...
Thinking about it, the kernel wd be the right place for best protection.
I'm curious to understand those mechanisms. 

I'm an MB first-timer, but have been in IT since graduation (i.e. paid 1960-2007, and unpaid since) 
I spent all my time in very ordinary application development & management;
"cooking" computing I used to call it, rather than in system software development

 

spilly 81

Link to post
Share on other sites

It is my understanding that the issues with fast startup in Windows 10 lie primarily with the way it modifies how a system and its processes normally launch on boot because it terminates certain items (user mode processes) and leaves others in a suspended/still running state in system RAM (system mode processes, drivers and services etc.) and because of the way that Malwarebytes launches itself on boot, using the startup process of its service to launch its associated user mode process (the tray), fast startup can disrupt and essentially break this process, resulting in Malwarebytes not starting as it should.  Malwarebytes is not the only application affected by the fast startup feature either.  There have been many reported issues with applications failing to start properly when this function is enabled (which sadly it is by default; a poor decision on Microsoft's part in my opinion, especially given the rising prominence of fast SSDs which somewhat negate the feature's benefits).

Further details on fast startup and why it might best be disabled can be found here if you're curious.

Doing a clean install of Malwarebytes won't hurt anything, and if you run into any problems getting your license to activate, please refer to the information in this support article and this support article and if you need any details on signing up for an account at My.Malwarebytes.com, assuming you haven't done so already, that information is located in this support article.

I hope this helps.

Link to post
Share on other sites

  • Root Admin
1 hour ago, exile360 said:

Further details on fast startup and why it might best be disabled can be found here if you're curious.

 

But do yourself a favor @Spilly81 and make sure you have a good Ad Blocker before visiting that site. It has a ton of Ads and secondary domains it connects to.

 

You may be interested in using our new Malwarebytes Browser Guard to help protect your browser from items that uBlock or others don't target.

Please consider installing uBlock Origin for your browsers to better protect your system.

FireFox, ChromeOpera , SafariMicrosoft Edge
AdBlock Plus for Internet Explorer

 

  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.