CharlieCat Posted September 11, 2021 ID:1479361 Share Posted September 11, 2021 Starting yesterday Malwarebytes is blocking all Excel files saying Exploit Blocked. What do I need to do to get access to my Excel files? Thank you. Link to post Share on other sites More sharing options...
PaulW1 Posted September 12, 2021 ID:1479398 Share Posted September 12, 2021 I have the same problem. Link to post Share on other sites More sharing options...
Porthos Posted September 13, 2021 ID:1479487 Share Posted September 13, 2021 Please post the log showing the detection so we can advise which of the exploit sections to disable to keep from turning it all off. Link to post Share on other sites More sharing options...
jfjoyner3 Posted September 13, 2021 ID:1479495 Share Posted September 13, 2021 I have the same problem. Mine is caused by an excel add-in trying to use wscript/shell. The developer of the add-in says it is a false positive and he has had this experience with mwb before. Link to post Share on other sites More sharing options...
Porthos Posted September 13, 2021 ID:1479499 Share Posted September 13, 2021 (edited) 31 minutes ago, jfjoyner3 said: I have the same problem Please see your other topic. Edited September 13, 2021 by Porthos Link to post Share on other sites More sharing options...
CharlieCat Posted September 13, 2021 Author ID:1479662 Share Posted September 13, 2021 Porthos ... is this what you want to see? Link to post Share on other sites More sharing options...
Porthos Posted September 14, 2021 ID:1479716 Share Posted September 14, 2021 Export to clipboard and post here. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 14, 2021 Root Admin ID:1479718 Share Posted September 14, 2021 You can find Scan and Protection logs within the Malwarebytes 4 program in the following location RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged If you click on the View option you should get something similar to the following with other options available. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 14, 2021 Root Admin ID:1479719 Share Posted September 14, 2021 However, in some cases, we may need you to enable the Enhanced logging in the General Settings and then duplicate the issue. Then gather logs for us. Then turn the Enhanced logging off. To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply Thank you Link to post Share on other sites More sharing options...
CharlieCat Posted September 14, 2021 Author ID:1479774 Share Posted September 14, 2021 Does this work for youExploit File.txt Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/14/21 Protection Event Time: 10:43 AM Log File: 0c041216-156a-11ec-b65e-dc41a9aa1125.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.44964 License: Premium -System Information- OS: Windows 10 (Build 19041.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, ComSpec=C:\Windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: ComSpec=C:\Windows\system32\cmd.exe URL: (end) ? Link to post Share on other sites More sharing options...
Root Admin Solution AdvancedSetup Posted September 14, 2021 Root Admin Solution ID:1479781 Share Posted September 14, 2021 Please try the following @CharlieCat Open Malwarebytes, click the small gear on the top right and go to the Security tab. Scroll down to the bottom and click the Advanced Settings button Click on the Application behavior protection tab Scroll down to "Office WMI abuse prevention" and uncheck it Let us know if that stops the alert, block for you. Thanks Link to post Share on other sites More sharing options...
CharlieCat Posted September 14, 2021 Author ID:1479793 Share Posted September 14, 2021 Yes, that fixed it. Is MS Office still protected? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 14, 2021 Root Admin ID:1479814 Share Posted September 14, 2021 Yes, that only removes one of the many protections as we continue to investigate why this is being triggered for some users. Thank you Link to post Share on other sites More sharing options...
CharlieCat Posted September 14, 2021 Author ID:1479818 Share Posted September 14, 2021 Thank you. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now