RickF- Posted September 20, 2021 ID:1480760 Share Posted September 20, 2021 Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/20/21 Protection Event Time: 11:09 AM Log File: c789b8ba-1a24-11ec-8e53-3cecef87a136.json -Software Information- Version: 4.4.6.132 Components Version: 1.0.1453 Update Package Version: 1.0.45150 License: Premium -System Information- OS: Windows 10 (Build 19042.1237) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, ComSpec=C:\windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit Office WMI abuse blocked File Name: ComSpec=C:\windows\system32\cmd.exe URL: (end) I think this is false positive? How to fix? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 20, 2021 Root Admin ID:1480801 Share Posted September 20, 2021 Hello @RickF- To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply Thank you Link to post Share on other sites More sharing options...
Solution Porthos Posted September 20, 2021 Solution ID:1480803 Share Posted September 20, 2021 1 hour ago, RickF- said: Protection Technique: Exploit Office WMI abuse blocked Uncheck the following in advanced exploit settings and click apply. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now