Block of WindowsControlPanel ApplicationBehaviorProtection Exploit payload


milldogtjm

Hi, I seem to be getting a WindowsControlPanel ApplicationBehaviorProtection Exploit payload process blocked. The control panel I'm trying to access is the Windows Defender Firewall troubleshoot by process

File Name: C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe ms-settings:troubleshoot

But I get an Exploit.PayloadProcessBlock, C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe ms-settings:troubleshoot, Blocked, 0, 392684, 0.0.0, ,

This is for Windows 10 Build 19045.2364 x64, User:System Malwarebytes Version: 4.5.19.229 Components Version: 1.0.1860 Update Package Version: 1.0.64511 License: Premium

I will send the Malwarebytes Support Tool logs.

mbst-grab-results.zip


I was trying to access the Windows Defender Firewall troubleshooter by the Diagnose/Repair in the Actions panel of the Windows Defender Firewall with Advanced Security on Local Computer admin tool. When clicked on, it should bring up a popup troubleshooter with that set file path being used. Which then Malwarebytes for Windows blocks with that error in the first post, and I have both explorer and control.exe in the allow list. By the way, that Allow list should have a spot for exploits too.


So apparently with max protections in Exploit Protection checked the Windows mcc troubleshooter won't come up; but when I put the exploit protections to the defaults it came up just fine. So yes, a false positive when all possible protections are enabled but not so if left at defaults.


2 minutes ago, milldogtjm said:

Yes, I know it could, but this has been the only issue I've had with all exploit protections on since they incorporated the Malwarebytes Anti-Exploit tool into the main program, so to me this is a false positive when full protections are run.

This is a self-created FP. You have been lucky in the past.

All the default settings (not just exploit protection) have been carefully chosen to give the highest protection with the least disruption and false positives.

Many of the posts in the FP sections are because someone enabled a non-default setting "thinking" it is actually more protection. Some changes actually make mainstream programs like Office stop working, causing users to have to run a repair on the Office software itself.
