Jump to content

Word inaccessible: "object abuse blocked"


HopaFav
Go to solution Solved by AdvancedSetup,

Recommended Posts

Hello all. I am having what seems to be a common problem. Unfortunately neither of the fixes I've found on the forum worked for me (restoring defaults for Application behavior protection or unchecking Office WMI abuse prevention). Only Word is affected: PowerPoint and Excel docs open fine (I don't use Outlook).  Here's the report I get whenever I try to open a Word file. Will be grateful for help!

-Log Details-
Protection Event Date: 9/19/21
Protection Event Time: 2:59 PM
Log File: a63bf654-197b-11ec-95b1-309c23813452.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45124
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1237)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Users\noraf\.....

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office VBE7 object abuse blocked
File Name: C:\Users\noraf\.....

URL: 

(end)

Link to post
Share on other sites

Hello HopaFav and welcome to Malwarebytes,

Does this happen to word documents you create yourself, word documents you download or any word document regardless of origin... If you have a word document that is blocked but of no real importance can you zip up and attach to next reply...

You may have to uncheck the option in the attached image to access the document..

Thanks,

Kevin

VBE7.JPG

Link to post
Share on other sites

Hiya HopaFav,

I had the same problem trying to open the attached file, only way was to save the file, put word into protected mode then I could open the file without a block from Malwarebytes. I believe this is a false positive, i`ve checked the file out that you attached and there is nothing wrong that I can find...

Maybe @shadowwar @miekiemoes or @AdvancedSetup will take a look at this one and comment...

All I can suggest is to leave the VBE7 option unchecked until this problem is fixed....

Thank you,

Kevin..

Link to post
Share on other sites

  • Root Admin
  • Solution

Hello @HopaFav

There is nothing wrong with the document. The alert is due to some changes we've made to improve exploit protection. Unfortunately for some it triggers this block. We're working on tuning that and hopefully should have an update out before too long to stop this false alert.

Thank you

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.