False positive Python virtual environment when debugging


maxamillion

Exploit protection has just started flagging python.exe (symlink) as an exploit when debugging in VS Code.

I use mkvirtualenv (https://virtualenvwrapper.readthedocs.io/en/latest/command_ref.html) to create virtual environments for Python development.

mkvirtualenv creates a symbolic link to python in the environment folder when creating the environment.

I have tried adding the file (symbolic link) to the ignore list but this has no effect.

If I replace the symbolic link with the real file I have no further problems.

The only other option is to turn off Exploit Protection.

  • 4 months later...

Still no resolution to the problem of Python virtual environments being detected as a 'Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , '

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/7/21
Protection Event Time: 3:11 PM
Log File: 0afb2eb6-0f9a-11ec-92ea-08d40cec9aa4.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44716
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1202)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: C:\Users\xxxxx\Envs\sensorenv\Scripts\python.exe
Protection Layer: APT Behavior Protection
Protection Technique: T1003 - Credential Access
File Name: 
URL: 

(end)
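
A triage helper for the situation described in this thread, added here as an example and not part of the original posts or of any Malwarebytes tooling: it parses a protection-event log in the layout quoted above and lists which interpreter entries in a virtual environment are symbolic links and where they resolve. The function names and the embedded sample log are constructed for illustration.

```python
import os

# Constructed sample in the layout of the log quoted in the thread.
SAMPLE_LOG = """\
-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: C:\\Users\\xxxxx\\Envs\\sensorenv\\Scripts\\python.exe
Protection Layer: APT Behavior Protection
Protection Technique: T1003 - Credential Access
File Name: 
URL: 
"""


def parse_event(text):
    """Return {section: {key: value}} from '-Section-' headers and 'Key: value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            current = sections.setdefault(line.strip("-"), {})
            continue
        key, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
        if sep and current is not None:
            current[key.strip()] = value.strip()
    return sections


def list_symlinked_interpreters(env_root):
    """Return (link, resolved_target) for python* entries that are symbolic links."""
    hits = []
    for sub in ("Scripts", "bin"):  # Windows and POSIX virtualenv layouts
        folder = os.path.join(env_root, sub)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            full = os.path.join(folder, name)
            if name.lower().startswith("python") and os.path.islink(full):
                hits.append((full, os.path.realpath(full)))
    return hits


if __name__ == "__main__":
    data = parse_event(SAMPLE_LOG)["Exploit Data"]
    print(data["Affected Application"], "|", data["Protection Technique"])
```

Pointing `list_symlinked_interpreters` at the environment root (the folder that contains `Scripts`) shows which interpreter entries are links and what they resolve to, which is the detail to include when reporting the detection.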