Windows Update control panel in Windows 10


exile360

After rebooting to finish installing the latest round of Windows Updates from Microsoft, whenever I try to launch my shortcut to Windows Update which I have pinned to my START menu, Exploit Detection blocks and flags it as an exploit attempt; I'm not sure why we'd need to block the execution of Windows Update through explorer, but I'm thinking it's likely an FP:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/5/22
Protection Event Time: 11:52 PM
Log File: 89f4326c-9d11-11ec-be77-80fa5b64d0e8.json

-Software Information-
Version: 4.5.6.180
Components Version: 1.0.1630
Update Package Version: 1.0.51939
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1526)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent - Exploit payload process blocked, C:\Windows\explorer.exe C:\Windows\explorer.exe ms-settings:windowsupdate, Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Windows Control Panel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\explorer.exe C:\Windows\explorer.exe ms-settings:windowsupdate
URL: 

(end)
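
An added example, not part of the original post and not Malwarebytes' own tooling: a Python parser for the text report format quoted above, plus a grouping key so identical detections reported from several machines can be compared when triaging a suspected false positive. The function names are hypothetical, and treating `File Name` as a whitespace-separated command line is an assumption.

```python
import re

# Excerpt of the text-format report quoted in the post above (three sections only).
SAMPLE_REPORT = r"""
-Software Information-
Version: 4.5.6.180
Components Version: 1.0.1630

-System Information-
OS: Windows 10 (Build 19044.1526)

-Exploit Data-
Affected Application: Windows Control Panel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\explorer.exe C:\Windows\explorer.exe ms-settings:windowsupdate
URL: 
"""

SECTION = re.compile(r"^-(.+)-$")
# Two or more scheme characters before the colon, so a drive letter ("C:") never matches.
URI = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]+):(.*)$")

def parse_report(text):
    """Turn '-Section-' headers and 'Key: value' lines into {section: {key: value}}."""
    report, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = report.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return report

def fingerprint(report):
    """Stable key for grouping identical detections reported from different machines."""
    data = report.get("Exploit Data", {})
    # Assumption: "File Name" holds the blocked command line, whitespace-separated.
    uri = next((t for t in data.get("File Name", "").split() if URI.match(t)), None)
    return (data.get("Protection Technique"), data.get("Affected Application"), uri)

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed["System Information"]["OS"], fingerprint(parsed))
```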

 


  • Root Admin

@exile360 Welcome back to the fold 😁

When setting up a pin this way I'm not having an issue with it being blocked.

Click on Start / Search and click on Settings


 

Then click on Update & Security


 

Right-click on Windows Update and select Pin to Start


 

Don't forget that the idea of Exploit blocking is to monitor and block obscure methods of using or running commands that are not all that typical. I'm not saying that the Exploit Team cannot help correct this, only that it's possibly doing its job.

 


Nope, it's not Penetration Testing; I get the detection with Pen Testing disabled.

You can replicate this by viewing the Control Panel in "All Control Panel Items" view (not Categories view) and right-clicking the entry for Windows Update and selecting the option to create a shortcut and allow it to create the shortcut on your desktop when prompted; that shortcut will replicate the same detection (the START menu has nothing to do with the detection; it's triggering based purely on the shortcut).

I tried creating a shortcut for a different Control Panel item and got no detection, so it's specific to Windows Update, which explains the name of the detection (ms-settings:windowsupdate).


  • Root Admin
5 hours ago, exile360 said:

Nope, it's not Penetration Testing; I get the detection with Pen Testing disabled.

You can replicate this by viewing the Control Panel in "All Control Panel Items" view (not Categories view) and right-clicking the entry for Windows Update and selecting the option to create a shortcut and allow it to create the shortcut on your desktop when prompted; that shortcut will replicate the same detection (the START menu has nothing to do with the detection; it's triggering based purely on the shortcut).

I tried creating a shortcut for a different Control Panel item and got no detection, so it's specific to Windows Update, which explains the name of the detection (ms-settings:windowsupdate).

I'm not seeing an entry for Windows Update, @exile360; perhaps you mean for us to go into another Applet?



Same problem here with Windows 11 and the most recent updates from this past Tuesday.

Opening directly from the control panel works fine. Right clicking on Start and then picking device manager gets this error 100% of the time.

Wish I'd seen others having it before spending the morning looking for what infected my machine.

 

To reproduce, right click on the Windows Start icon, select 'device manager'. Boom.


21 minutes ago, Moose_and_squirrel said:

Same problem here with Windows 11 and the most recent updates from this past Tuesday.

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays that the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop; please upload that file on your next reply

Thanks


@Moose_and_squirrel I suggest a proper uninstall and reinstall of Malwarebytes. Do NOT change ANY of the default settings of the program. Please restart the computer after the reinstall. Then see if you can replicate the issue.

Please do the following: uninstall and reinstall using the Malwarebytes Support Tool.

Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

Please say no and close the X button on the top right for Privacy.

Edited by Porthos

I screwed up when I ran the repair tool above and it uninstalled and reinstalled it during that run through, before I generated the logs.


When I looked around after troubleshooting it myself, I see hundreds of reports involving Malwarebytes and false positives since this past Windows Patch Tuesday. That it's affecting Windows 10 AND 11 tells me that Microsoft changed something up here.


3 minutes ago, Moose_and_squirrel said:

I screwed up when I ran the repair tool above and it uninstalled and reinstalled it during that run through, before I generated the logs.


When I looked around after troubleshooting it myself, I see hundreds of reports involving Malwarebytes and false positives since this past Windows Patch Tuesday. That it's affecting Windows 10 AND 11 tells me that Microsoft changed something up here.

Both my 10 and 11 installs are fully updated and I cannot replicate your issue.

Please follow through with my instructions.


As I said, I did do that and problem not solved.

Thanks for the advice, but it's pretty clear to me from the boatload of problems reported just about everywhere in the past 5 days that it's related to the Microsoft update from last week. That's the only change to my system in the past week.

I do have every single bit of Windows protection turned on. My guess is it's something involving those settings.

Either Microsoft will fix it or Malwarebytes will. In the meanwhile, it's just a few extra steps to get what I want.


7 minutes ago, Moose_and_squirrel said:

As I said, I did do that and problem not solved.

Well, the log showed you enabled some non-default settings in Malwarebytes. If the log was taken after the clean reinstall, then your issue might be caused by the non-default settings.

9 minutes ago, Moose_and_squirrel said:

In the meanwhile, it's just a few extra steps to get what I want.

Very well.
