Jump to content

Malwarebytes thinks it's blocking exploits, even though it's just Word


wessltov

Recommended Posts

Ever since the Follina exploit first came to light, Malwarebytes has been crashing Word on seemingly random occasions.

I applied the recommended patch for Follina back when everyone was in a panic about it, but that didn't stop Malwarebytes from blocking everything up to and including hyperlinks, which continuously crashed Word. Back then I figured it was a security overreach, which was completely understandable considering how fresh the issue was. 

However, months after Microsoft patched the issue (and several Malwarebytes updates later) Word still crashes during basic operation. For example, when I went to "Layout > Line Numbers > Line Numbering Options...", it happed again - and Malwarebytes reports "Malware.Exploit.Agent Exploit payload process blocked" (screenshots attached). 

Are these just software-landmines we have to live with for a while, or is something messed up? I already tried "SFC /scannow" from the command line and repairing MS Office from the control panel, but no luck so far 

i1.png

i2.png

i3.png

Link to post
Share on other sites

9 hours ago, wessltov said:

Malwarebytes has been crashing Word on seemingly random occasions.

Could you post the actual log instead of screenshots please.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

Thank you

Link to post
Share on other sites

  • 1 month later...
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/22
Protection Event Time: 9:27 PM
Log File: 31dc2cac-55a7-11ed-9b63-e8f40865954a.json

-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.61593
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2130)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.HeapMemoryCodeExecution, , Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Malicious Memory Protection
Protection Technique: Exploit code executing from Heap memory blocked
File Name: 
URL: 



(end)
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.