False positive in Outlook?

[didero]

Since a few days I get sometimes a popup from Malwarebytes that an exploit has been blocked.

I am just using Outlook and no suspicious e-mails are there. Any idea?

 

-Logboekdetails-
Datum beveiligingsgebeurtenis: 20-10-2020
Tijd beveiligingsgebeurtenis: 15:39
Logbestand: a0240800-12d9-11eb-8faa-54ee750b3b05.json

-Software-informatie-
Versie: 4.2.1.89
Versie componenten: 1.0.1070
Update pakketversie: 1.0.31676
Licentie: Premium

-Systeeminformatie-
Besturingssysteem: Windows 10 (Build 18362.1139)
Processor: x64
Bestandssysteem: NTFS
Gebruiker: System

-Details van exploit-
Bestand: 0
(Geen kwaadaardige items gedetecteerd)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, Geblokkeerd, 0, 392684, 0.0.0, , 

-Exploit-gegevens-
Getroffen toepassing: Microsoft Outlook
Beveiligingslaag: Application Behavior Protection
Beveiligingstechniek: Exploit payload process blocked
Bestandsnaam: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
URL: 

[Porthos]

44 minutes ago, didero said:

Any idea?

Do 2 things,

Be sure penetration setting is off. And in the second screenshot reset each section to default.

 

 

•  

[RDCollins]

I suddenly had the same issue when I restarted my computer. this morning Every time I started Outlook 360, the program would close during send/receive. This fixed it, so thanks. 

Malwarebytes reported that the problem was with two files in the Microsoft directories, FLTLDR.EXE and GIFIMP32.FLT (see attached screen shot).  Before finding and implementing the fix you described, I found the two EXE files and temporarily renamed them, and that also fixed the problem — but I was uncomfortable with that change as I had no idea what those files did, so after implementing your fix I changed their names back to the original.

So, query — any idea what FLTLDR.EXE and GIFIMP32.FLT are supposed to do? Apparently they aren't essential to Outlook. 

BTW, all of my advance settings in Malwarebytes Premium 4.2.3 were already in the default position, so simply turning off the "block penetration testing attacks" was apparently enough to cure the issue. The odd thing is I didn't turn on that setting, or at least not recently (if I ever did, I don't remember doing so). 

So thanks again! Much appreciated, panic averted! 

[Porthos]

6 minutes ago, RDCollins said:

BTW, all of my advance settings in Malwarebytes Premium 4.2.3 were already in the default position

Even though the GUI shows it is default it was not.

 

7 minutes ago, RDCollins said:

so simply turning off the "block penetration testing attacks" was apparently enough to cure the issue. The odd thing is I didn't turn on that setting, or at least not recently (if I ever did, I don't remember doing so). 

That setting should not be turned on by default anyway.

[RDCollins]

Thanks for the swift reply! My business largely depends on Outlook! 

I guess I must have turned on the "block perpetration testing attacks" at some point in a paranoid fit of trying to protect my new computer as much as possible — but the problem didn't appear until this morning.

Any thought as to why that would be? Maybe some attempt to exploit on of those files or something?