Intucom, posted September 15, 2021 (ID:1479887)

Hi @all, we are using Endpoint Protection for our Windows Server 2019 machines. Since last week we are receiving several "Exploit"-Detections (see attached screenshot) on different machines on different networks in regular intervals (all affected machines have TerminalServer-Services enabled and more than 20 users are working on them). Thankfully those "Exploits" are getting blocked, but obviously the cause cannot be removed or suppressed - which is quite unfortunate.

The "Location"-Attribute of the detections is making me nervous (ComSpec=C:\Windows\system32\cmd.exe seems pretty dangerous) - any idea how to track down the cause or the corrupt program/file (if there is any)? Any idea how to prevent those Exploit-Detections?

Thanks in advance

knguyen1 (Staff), posted September 15, 2021 (ID:1479997)

Hi @Intucom

Can you please check your messages? I sent you something regarding this issue.

Thank you,

bw2868, posted September 16, 2021 (ID:1480104)

Our users are getting this regularly with Word and Excel documents - is this a bug?

Roadrunner562, posted September 16, 2021 (ID:1480106)

I'm also seeing it regularly with Word. How can we turn it off if it's a bug?

knguyen1 (Staff), posted September 16, 2021 (ID:1480185)

@bw2868 I found a Nebula/Endpoint Protection subscription under your e-mail. I'll open up a support ticket and reach out to you from there.

@Roadrunner562 Are you using our enterprise/business products? I only found a consumer product subscription under your e-mail address, so you may have a similar issue but the procedures for resolution would be different. As I only support our enterprise products, please reach out to our consumer support team, or post in the appropriate forum section. Here is the link to open a ticket or reach consumer support - https://support.malwarebytes.com/hc/en-us/requests/new (Select Home User)

If I'm incorrect and you do have a business subscription, could you please direct message me the e-mail address I would find it under?

Intucom (Author), posted September 17, 2021 (ID:1480294), marked as Solution

According to @knguyen1, who sent me a direct message, it IS a bug, which will be fixed in an upcoming version update.

Quote: "In regards to the issue itself, it is a bug from a recent update and there is one option you can disable, but a more permanent fix should be released in a couple weeks."

For us, it is sufficient enough to know that those are just false positives, so we do not need to disable this warning. If you want to disable this you can reach out to @knguyen1. I will mark this topic as solved.

mynetworks, posted September 28, 2021 (ID:1481894)

What is the best way to stop the frequent warnings so the end user(s) aren't being bothered by it every 20 minutes or so?

AdvancedSetup (Root Admin), posted September 28, 2021 (ID:1481925)

Hello @mynetworks

If you're using a business product on your customers it's best to create a Support Ticket and have someone from business support assist you. https://support.malwarebytes.com/hc/en-us/requests/new