Jump to content

eM Client: Expoit reported, unsure if accurate?


Recommended Posts


RE: eM Client 9.2.1713.0


Whenever I click a link in an email, MalwareBytes causes eM Client to lock up and close down and then reports the below.


It's got me spooked on a number of counts as I am no wary of using the software at all and it is our main email client with 4GB of mail in there.

I've uninstalled and re-installed eM client twice now and even reverted to the trial version, but all to no avail.


Is it possible to know if this is 'false positive' or otherwise?


Thank you, best wishes.






-Log Details-
Protection Event Date: 22/03/2023
Protection Event Time: 21:51
Log File: aa5c928a-c8fb-11ed-9cf2-0026b9217be9.json

-Software Information-
Components Version: 1.0.1952
Update Package Version: 1.0.67004
Licence: Trial

-System Information-
OS: Windows 10 (Build 19045.2728)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.HeapMemoryCodeExecution, , Blocked, 0, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: eM client
Protection Layer: Malicious Memory Protection
Protection Technique: Exploit code executing from Heap memory blocked
File Name: 


Link to post
Share on other sites

Dear @Porthos,


My settings are exactly as you have provided in the screenshot IE the setting is 'off', and that was the default when I installed so left it as was.

Should I switch to 'on', maybe?


All the best, and thank you for your efforts.



Link to post
Share on other sites

Dear @BlackCraven


Mine is diametric to your experience! When I add the folder/app to the 'allowed' list, all is good. Though of course I don't want to do that IF there is an issue. So I have removed it from the 'allowed' list, thus far.

So far, it is only occurring when I click a link (like the one in the MWB email advising me there was a reply).


Thanks, take care.



Link to post
Share on other sites

I use EMClient for one email so I can keep up with the changes since I recommend it to clients instead of the expensive outlook.

I have not seen this happen.

Have you changed any default settings in the exploit settings?

Link to post
Share on other sites

Thanks again Porthos, I appreciate this.


None at all. To be frank, I have left everything at default (almost...I've turned all the real-time protections on and made changes to the schedules, but that is all).

Definitely nothing, whatsoever, changed in the exploits settings.



Link to post
Share on other sites

Argghhh...    @Porthos , I lied, though certainly not intentionally. Like @BlackCraven above, I added eM Client to the 'protected applications' section. Of course, forgot all about it. Thought I was doing the right thing by protecting the most used asset on the machine. Just realised, that this was the ONLY change made to the exploits. Sorry for this, I completely forgot.


I've removed it, and as BlackCraven says, all is good. But does this mean that eM client is now vulnerable and is not 'protected' from exploits, as such?


Thanks for all your patience guys, sorry for being such a pain and for complicating matters.


  • Like 1
Link to post
Share on other sites

1 minute ago, MikeyB said:

But does this mean that eM client is now vulnerable and is not 'protected' from exploits, as such?

No, exploits happen when you open attachments and open the file or run the file if in a zip. When you click links in an email that is where the web protection or bro will kick in.

Email is up to you to protect yourself. Malwarebytes does not scan any email.

If you want some more protection do the following to re-enable Windows security alongside Malwarebytes.

To do that turn the following off.


Link to post
Share on other sites

Thanks for this reassurance and wisdom Porthos, I am on the windows settings now as the 'grab' is exactly how it is set, currently.

Well, that's another fine mess you guys have helped a newbie out of! Thank you for the inputs, knowledge and patience you have freely given. 

I have always known Malwarebytes existed, and have even used and then uninstalled in the past, but it's here to stay now.


All the very best, thanks once more.



  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.