Jump to content

Powerpoint - Exploit Office WMI abuse blocked


Leebo

Recommended Posts

I am having an issue after a recent Malewarebytes update.

     When I open a powerpoint file, malewarebytes closes it down as a RTP detection event stating:

     Exploit = Malware.Exploit.Agent.Generic

     Location = ComSpec=c:\windows\system32\cmd.exe

     Technique = Exploit Office WMI abuse blocked

 

This only happens when I open a powerpoint file directly. I can open powerpoint alone and it is fine. I can also open a ppt file in running powerpoint without issue.

I have run MSERT.exe, adwcleaner_8.3.0, RogueKiller_portable all without finding any issues.

This is PowerPoint 2013.

What can I do to fix this?

Does Malewarebytes have a issue with powerpoint 2013?

Link to post
Share on other sites

  • Root Admin

Hello @Leebo

Open Malwarebytes, click the small gear on the top right and go to the Security tab.
Scroll down to the bottom and click the Advanced Settings button
Click on the Application behavior protection tab
Scroll down to "Office WMI abuse prevention" and uncheck it

 

image.png

image.png

 

Thank you

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.