Jump to content

News for ticket 3207915


Recommended Posts

Hello,
Unless I am mistaken, I still have no news about the ticket: 3207915
I have followed the procedure for sending a log via Malwarebytes Support Ticket.
The software was at the end of its process, and confirmed that the action was successful.
My last return request email was dated 01/10/2020 and I still have no news.
What should I do to solve my problem?
Best regards.

 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Hello,
We cannot print a rather basic file in Excel 2013.
Only this file is concerned.
The problem occurs if we use a particular label printer: Citizen CLP-621.
We have a notification that appears: "exploit blocked".
And we can't print the labels.

 

 

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 06/10/2020
Heure de l'événement de protection: 09:54
Fichier journal: 1aff4666-07a9-11eb-a294-f079598b8343.json

-Informations du logiciel-
Version: 4.2.1.89
Version de composants: 1.0.1045
Version de pack de mise à jour: 1.0.30876
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 19041.508)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails de l'exploit-
Fichier: 0
(Aucun élément malveillant détecté)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp, Bloqué, 0, 392684, 0.0.0, ,

-Données de l'exploit-
Application concernée: Microsoft Office Excel
Couche de protection: Application Behavior Protection
Technique de protection: Exploit LoadLibrary attempt blocked
Nom du fichier: C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp
URL:

 

(end)

 

Link to post
Share on other sites

Hello,
We cannot print a rather basic file in Excel 2013.
Only this file is concerned.
The problem occurs if we use a particular label printer: Citizen CLP-621.
We have a notification that appears: "exploit blocked".
And we can't print the labels.

I can print if I disable the MS Office related settings in the Advanced Exploit Protection settings.

 

 

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 06/10/2020
Heure de l'événement de protection: 09:54
Fichier journal: 1aff4666-07a9-11eb-a294-f079598b8343.json

-Informations du logiciel-
Version: 4.2.1.89
Version de composants: 1.0.1045
Version de pack de mise à jour: 1.0.30876
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 19041.508)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails de l'exploit-
Fichier: 0
(Aucun élément malveillant détecté)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp, Bloqué, 0, 392684, 0.0.0, ,

-Données de l'exploit-
Application concernée: Microsoft Office Excel
Couche de protection: Application Behavior Protection
Technique de protection: Exploit LoadLibrary attempt blocked
Nom du fichier: C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp
URL:

 

(end)

 

Link to post
Share on other sites

10 minutes ago, MickCQM said:

C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp

Where are you opening the file from? Malwarebytes protects the temp folder pretty tightly.

Are you opening it directly from an email? if so download it first before opening it and what happens.

Link to post
Share on other sites

There have been multiple cases of exploit blocks with MS Office recently, though they don't all share the same cause.  Please do the following to see if it helps:

  • Open Malwarebytes and click on the small gear icon in the upper right of the main UI
  • Select the Security tab
  • Scroll to the bottom and click on the Advanced settings button
  • Click on the Restore Defaults button on the bottom left

Once that is done, wait around 30 seconds for things to settle down while Malwarebytes applies the changes, then test to see if the issue still occurs or not. 

Link to post
Share on other sites

Hello,
We cannot print a rather basic file in Excel 2013.
Only this file is concerned.
The problem occurs if we use a particular label printer: Citizen CLP-621.
We have a notification that appears: "exploit blocked".
And we can't print the labels.

I can print if I disable the MS Office related settings in the Advanced Exploit Protection settings.

 

 

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 06/10/2020
Heure de l'événement de protection: 09:54
Fichier journal: 1aff4666-07a9-11eb-a294-f079598b8343.json

-Informations du logiciel-
Version: 4.2.1.89
Version de composants: 1.0.1045
Version de pack de mise à jour: 1.0.30876
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 19041.508)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails de l'exploit-
Fichier: 0
(Aucun élément malveillant détecté)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp, Bloqué, 0, 392684, 0.0.0, ,

-Données de l'exploit-
Application concernée: Microsoft Office Excel
Couche de protection: Application Behavior Protection
Technique de protection: Exploit LoadLibrary attempt blocked
Nom du fichier: C:\ProgramData\Seagull\Drivers\Temp\ss#44D9.tmp
URL:

 

(end)

 

Link to post
Share on other sites

OK, that being the case, please see if disabling the Malicious LoadLibrary prevention option for MS Office under the advanced exploit settings under the Application behavior protection tab allows the file to be opened.  At least then we'll know what the precise cause is, and hopefully the staff can investigate and resolve the issue.

In the meantime, I'll ping the Technical Product Manager for Anti-Exploit to take a look and advise.

@Arthi would you please take a look and assist when you have a chance?  Thanks.

Edited by exile360
Link to post
Share on other sites

 

OK,

I have disabled the Malicious LoadLibrary prevention option, and the the problem is stil here.
but I don't understand what you mean when you say "under the Application behavior protection tab allows the file to be opened".

Could you guide me, step by step?

Thank you for your help!

 

 

 

 

 

 

 

Porthos:

The computer opens a file located on a Windows share ("my documents" Active Directory redirection).
I repeat that we do the same thing with another (really similar) file, without any problem.

 

exile360:

I followed your procedure, the problem persists.

 

 

Link to post
Share on other sites

  • Staff

Hello MickCQM

An automated reply was sent to your ticket yesterday with instructions to restore default.  If that did not resolve the issue, the instructions also asked you to upload logs from the Support tool.

I do see your logs here - I can work from these but will reply in your ticket within the next 15 minutes.   I'm closing this so as not to have multiple people providing instructions.

  • Thanks 1
Link to post
Share on other sites

  • Ried locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.