Jump to content

False Positive - MB Blocking Power-User Add-on For Office


COSMICX

Recommended Posts

There's a legitimate add-on for Microsoft called Power-User and Malwarebyte's keep flagging it as a malware/exploit when it tries to do an update. This tool is legitimate and since it is an add-on that customizes/adds functionality to Microsoft Excel, I assume Malwarebytes flags it as an exploit.

Link to the official product/software:

https://www.powerusersoftwares.com/

 

Malwarebytes Log:
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/23
Protection Event Time: 1:49 PM
Log File: 44306448-b8f0-11ed-af19-00ff4c357b3f.json

-Software Information-
Version: 4.5.22.236
Components Version: 1.0.1915
Update Package Version: 1.0.66267
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2604)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.OfficeLoadingPointsAbuse, C:\WINDOWS\SYSTEM32\msiexec.exe \i D:\Downloads\Power-user (1.6.1571.0).msi \QN, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office loading points abuse blocked
File Name: C:\WINDOWS\SYSTEM32\msiexec.exe \i D:\Downloads\Power-user (1.6.1571.0).msi \QN
URL:

 

(end)

mbam.png

Link to post
Share on other sites

1 minute ago, Porthos said:

Yes. That is the risk/cost of using add-ons.

I see. Is it not possible for the MB team to whitelist it, so other users using the same app don't face an issue and users that do use it don't have to disable their protection settings and be vulnerable to actually malicious add-ons?

 

PS: Thank you so much for all your help, though. I really appreciate it.

Link to post
Share on other sites

  • 9 months later...
  • 1 month later...
21 minutes ago, RJMII said:

Yes, an update WOULD be great. Not an inexpensive subscription either, but quite handy. This add-on has been knocked this way for years. It's too bad.

For sure. I would love to see them whitelist this. Currently, I disable MB every time there's an update to bypass this issue :( Hoping the MB team can look into this and get in touch with the PowerUser team and find some solution to get this issue resolved.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.