Blocking Excel

[CharlieCat]

Starting yesterday Malwarebytes is blocking all Excel files saying Exploit Blocked.    What do I need to do to get access to my Excel files?  Thank you.

[PaulW1]

I have the same problem.

[Porthos]

Please post the log showing the detection so we can advise which of the exploit sections to disable to keep from turning it all off.

[jfjoyner3]

I have the same problem. Mine is caused by an excel add-in trying to use wscript/shell. The developer of the add-in says it is a false positive and he has had this experience with mwb before.

[Porthos]

31 minutes ago, jfjoyner3 said:

I have the same problem

Please see your other topic.

 

Edited September 13, 2021 by Porthos

[CharlieCat]

Porthos ... is this what you want to see?

[Porthos]

Export to clipboard and post here.

[AdvancedSetup]

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

 

If you click on the View option you should get something similar to the following with other options available.

 

 

 

 

 

[AdvancedSetup]

However, in some cases, we may need you to enable the Enhanced logging in the General Settings and then duplicate the issue. Then gather logs for us. Then turn the Enhanced logging off.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 

[CharlieCat]

Does this work for youExploit File.txt

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/14/21
Protection Event Time: 10:43 AM
Log File: 0c041216-156a-11ec-b65e-dc41a9aa1125.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.44964
License: Premium

-System Information-
OS: Windows 10 (Build 19041.1165)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, ComSpec=C:\Windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office WMI abuse blocked
File Name: ComSpec=C:\Windows\system32\cmd.exe
URL: 

(end)

?

[AdvancedSetup]

Please try the following @CharlieCat

 

Open Malwarebytes, click the small gear on the top right and go to the Security tab.
Scroll down to the bottom and click the Advanced Settings button
Click on the Application behavior protection tab
Scroll down to "Office WMI abuse prevention" and uncheck it

 

 

Let us know if that stops the alert, block for you.

Thanks

 

 

[CharlieCat]

Yes, that fixed it.  Is MS Office still protected?

[AdvancedSetup]

Yes, that only removes one of the many protections as we continue to investigate why this is being triggered for some users.

Thank you

 

[CharlieCat]

Thank you.