
Exploit Office loading points abuse blocked, false positive or not?




So last night I went to add a shortcut to my desktop through Steam, the UAC pop-up came up and I approved it, and at the same time MBAM popped this...





-Log Details-

Protection Event Date: 6/26/22

Protection Event Time: 9:41 PM

Log File: 13bc01da-f534-11ec-9c01-04421aed5d58.json


-Software Information-


Components Version: 1.0.1709

Update Package Version: 1.0.56482

License: Premium


-System Information-

OS: Windows 11 (Build 22000.739)

CPU: x64

File System: NTFS

User: System


-Exploit Details-

File: 0

(No malicious items detected)


Exploit: 1

Malware.Exploit.Agent.Generic, C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe Shell32.dll,Control_RunDLL input.dll,,{C07337D3-DB2C-4D0B-9A93-B722A6C106E2}{HOTKEYS}, Blocked, 0, 392684, 0.0.0, , 


-Exploit Data-

Affected Application: Windows Control Panel

Protection Layer: Application Behavior Protection

Protection Technique: Exploit Office loading points abuse blocked

File Name: C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe Shell32.dll,Control_RunDLL input.dll,,{C07337D3-DB2C-4D0B-9A93-B722A6C106E2}{HOTKEYS}







It's a brand new Windows install, installed a week ago. I'm not really sure what's going on, or whether it's a false positive or not. I don't even know if it was the Steam icon to desktop thing that made it pop. After this I ran a quick scan in MBAM and Windows Defender with no results.

What's next? Have I been exploited, or is it just a false positive and I can carry on with life?


Anxiously awaiting your reply 


I believe it is, I'll shoot home soon and double check it.

I should add that I don't have Office or the Outlook app on this PC, I uninstalled them both shortly after installing Windows.


I'll post here once I've checked this setting, thanks for such a quick reply by the way 


1 hour ago, PSYKO said:

What's next? Have I been exploited, or is it just a false positive and I can carry on with life?


I doubt it is a cause for alarm. Exploit protection has been made more aggressive, especially for 3rd-party calls to rundll32.exe.
