Jump to content

False positive Run VBSCript with FastExcel product


Recommended Posts

InstallV4Bundle.zipA cusstomer has reported that MalwareBytes reports a malicious attempt to execute a VBScript when using our FastExcel product (an Excel addin)

This is a false positive. The product (like thousands of others) uses a reference to the VBScript DLL to create and use a VBScript Dictionary object.

I have verified that the installed XLAM files that use VBScript are correctly digitally signed.

The installer for fastExcel is attached


-Log Details-
Protection Event Date: 8/22/22
Protection Event Time: 9:36 AM
Log File: 62857e64-221f-11ed-b597-2816a80a2f10.json

-Software Information-
Components Version: 1.0.1740
Update Package Version: 1.0.58999
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1889)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\Windows\System32\vbscript.dll, Blocked, 0, 392684, 0.0.0, 7605F07418C880F209C3C09136F9B278, 1D7C82F9A0DC4F05FAD2BEEB7BA524401BAF541CBE1FA36ACB6DC85100E33B8C

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\System32\vbscript.dll




Link to post
Share on other sites

3 hours ago, DecisionModels said:

A cusstomer has reported that MalwareBytes reports a malicious attempt to execute a VBScript when using our FastExcel product (an Excel addin)

Is your log submitted by the customer or one you were able to reproduce the issue for reporting here?

Link to post
Share on other sites

log was submitted by customer - malwarebytes is not an AV we use to test with.

What surprises me is that it looks like in this case just using a VBScript Dictionary object seems to trigger this warning - probably the majority of Excel VBA Addins use Dictionary. if this really is the cause then Malwarebytes needs to create a much smarter algorithm

Link to post
Share on other sites

I am the Malwarebytes customer who encountered this problem.  What do you need me to submit.  I can tell you that when I run the standard routines from the DecisionModels app I get this message every time, pertaining to the VBA dll. I'm using Malwarebytes version, Update package version 1.05.59117 and component package version 1.0.1740. My account is current and is under jjoyner@integravc.com.  I have logged the app folder (C:\Program Files (x86)\FastExcelv4\ and the *.xlam files in the Allow List. I've had similar problems with Malwarebytes when using Excel add-ins.   Malwarebytes FastExcel 2.txtMalwarebytes FastExcel.txt

Link to post
Share on other sites

3 minutes ago, jfjoyner3 said:

I'm using Malwarebytes version

Lets use the support tool and do a clean uninstall and reinstall. Restart the computer after the reinstall. Do not change any default settings. Try you process again.

Download the Malwarebytes Support Tool.


Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

Please say no and close the X button on the top right for Privacy if you are not subscribed to it..

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.