Jump to content

Recommended Posts

My PC just got updated to MBAE V 1.13.1.424 and suddenly it started blocking all Powerpoint files because it opens splwow64.exe. I am also unable to exclude this "threat" as it does not show the bin symbol.

If I stop the protection, work on the PPT file, close the file and then restart MBAE, then MBAE does not kick-in again.

Please fix this bug.

Thanks.

Link to post
Share on other sites

I started having the exact same thing happen last week, but with Microsoft Word.  The pop-up I get is as follows:

Application:  Microsoft Office Word

Protection Layer:  Application Behavior Protection

Protection Technique:  Exploit payload process blocked

File/Process Blocked:  C:\Windows\splwow64.exe  C:\Windows\splwow64.exe 8192

Attacking URL:  N/A

 

I cannot open any word file absent this popup.  Please advise how to proceed absent disabling Anti-Exploit.  

Link to post
Share on other sites

Hi Arthi,

thanks for the guidance.

At my end, turning off "Detect penetration testing attacks" will not trigger the block. Interestingly, turning it on back again afterwards, does not trigger the block either.

It appears that any change in settings or behavior (eg turning the protection off and then on again) disable the block, even if you then re-establish the pre-existing conditions that were causing the block in the first place.

Hope it helps.

Look forward to a solution.

Thanks.

Link to post
Share on other sites

That seemed to do the trick - I turned off "Detect penetration testing attacks," re-enabled the shield for word and now I'm able to open word documents.  I would like to reactive penetration testing attacks at some point.  Please advise when I may be able to do so. 

Thank you for your assistance. 

Link to post
Share on other sites

34 minutes ago, cowboyman said:

I turned off "Detect penetration testing attacks,"

 

37 minutes ago, cowboyman said:

I would like to reactive penetration testing attacks at some point.  Please advise when I may be able to do so. 

That setting is off by default for a reason. Just like "Use expert system algorithms to identify malicious files" and Rootkit scanning should not be enabled as well.

Link to post
Share on other sites

Default settings are the best settings for the normal average user.

Use expert system algorithms

This setting is in the experimental stage.

That setting is to detect malformed files, but sometimes legit files use protection that make them malformed. Malwarebytes is still tweaking the algorithms that is why it’s off by default. If you switch it on it is assumed, you can tell the difference between a FP and a legit detection. 

Rootkit scanning should  should be only used every once in a while.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.