
False Positive - MB Blocking Power-User Add-on For Office


COSMICX
Solved by Porthos


There's a legitimate add-on for Microsoft called Power-User and Malwarebytes keeps flagging it as malware/an exploit when it tries to do an update. This tool is legitimate and since it is an add-on that customizes/adds functionality to Microsoft Excel, I assume Malwarebytes flags it as an exploit.

Link to the official product/software:

https://www.powerusersoftwares.com/

 

Malwarebytes Log:
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/23
Protection Event Time: 1:49 PM
Log File: 44306448-b8f0-11ed-af19-00ff4c357b3f.json

-Software Information-
Version: 4.5.22.236
Components Version: 1.0.1915
Update Package Version: 1.0.66267
License: Premium

-System Information-
OS: Windows 10 (Build 19045.2604)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.OfficeLoadingPointsAbuse, C:\WINDOWS\SYSTEM32\msiexec.exe \i D:\Downloads\Power-user (1.6.1571.0).msi \QN, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit Office loading points abuse blocked
File Name: C:\WINDOWS\SYSTEM32\msiexec.exe \i D:\Downloads\Power-user (1.6.1571.0).msi \QN
URL:

 

(end)


11 minutes ago, Porthos said:

If it is not, you will need to disable the following.

Doing this does solve the issue but won't disabling this mean even malicious applications will now be able to execute an exploit?


3 minutes ago, COSMICX said:

Doing this does solve the issue but won't disabling this mean even malicious applications will now be able to execute an exploit?

Yes. That is the risk/cost of using add-ons.


1 minute ago, Porthos said:

Yes. That is the risk/cost of using add-ons.

I see. Is it not possible for the MB team to whitelist it, so other users using the same app don't face an issue and users that do use it don't have to disable their protection settings and be vulnerable to actually malicious add-ons?

 

PS: Thank you so much for all your help, though. I really appreciate it.

