Jump to content

MS Word on Windows 11 being blocked from running due to reported Exploit


brob
Go to solution Solved by Porthos,

Recommended Posts

I am trying to start up MS word, get that accound squared away and Malwarebytes is stopping MS office related programs from running.  here is the log (text since I cant use word)   Mind that everything that I see is Office going thorugh its account procedures and those are treated as an exploit.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/8/23
Protection Event Time: 12:47 PM
Log File: b30cc97f-3613-11ee-9b44-902e16cf2849.json

-Software Information-
Version: 4.5.32.271
Components Version: 1.0.2051
Update Package Version: 1.0.73663
License: Premium

-System Information-
OS: Windows 11 (Build 22000.2176)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe C:\Program Files\Common Files\Microsoft Shared\Office16\ai.exe \trigger, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe C:\Program Files\Common Files\Microsoft Shared\Office16\ai.exe \trigger
URL:

(end)

 

Any way to fix this?

Link to post
Share on other sites

4 minutes ago, brob said:

Is there anything that I could allow for malwarebytes to overlook this? 

No.

You would have to disable Malwarebytes exploit protection for Office completely. Or turn off live protection in Spybot.

https://www.safer-networking.org/pt-br/faq/what-is-sdonaccess-exe/

 

Edited by Porthos
Link to post
Share on other sites

Spybot uninstalled, then rebooted (always can reinstall), still did not resolve the malwarebytes deterction of MS OFFice's Word program.   Malwarebytes is still performing the same thing and FORCE CLOSING Word.

Now the log does not refer to spybot as the culprit.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/8/23
Protection Event Time: 2:11 PM
Log File: 638a0612-361f-11ee-af1b-902e16cf2849.json

-Software Information-
Version: 4.5.32.271
Components Version: 1.0.2051
Update Package Version: 1.0.73663
License: Premium

-System Information-
OS: Windows 11 (Build 22000.2176)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe 6EF8D6BC-D779-40AC-931D-73E46F3FC9F6 E6A7F7E8-B839-4061-B244-ECEC7BF1C02B 2036 C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Microsoft Office Word
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe 6EF8D6BC-D779-40AC-931D-73E46F3FC9F6 E6A7F7E8-B839-4061-B244-ECEC7BF1C02B 2036 C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
URL:

(end)

Link to post
Share on other sites

@brob

To expand on what Arthi posted,

That setting is specific to penetration testing (i.e. not actual threats) so enabling won't really do anything unless the system is tested using third party testing tools/test exploits.  It is purely for testing purposes to verify that protection is working properly, however, it is not needed for protecting your system from actual malware which is why it is turned off by default.

I hope that helps to clarify things and if there is anything else we might help with please let us know.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.