Node.exe & npm-cli.js [ExploitPayloadFile Blocked]

[Icarus34]

Hi, i bought a computer from a legit store, i installed the same day node, npm, and visual studio code.

I worked for a while coding on visual studio code and i let my computer off for a while.

When i unlocked it again, and reopened visual studio code, alot of exploit warnings appeared, also they blocked node.exe so i could'nt use the terminal anymore.

I formatted the computer, reinstalled all again, worked for two days and the same exploit warning appeared again, when i opened a new visual studio code window.

I will add one log, the one who has location ended on "prefix -g", if you need any more information let me know, im really curious about these warnings.

log.txt

[Porthos]

@Icarus34

Can you check if the "Penetration testing" toggle in the UI is ON? If it is ON, please turn it OFF and Hit Apply

If that setting is not on, click restore defaults and click Apply.

You can find it by going to Security->Exploit Protection->Advanced settings 

 

[Icarus34]

@Porthos Hi porthos, thanks for you'r fast reply, the penetration testing button was OFF.

[Porthos]

@Icarus34 did you do the reset to default?

Please do the following so that we may take a closer look at your system.

Please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply
  
   

Thank you

[Icarus34]

@Porthos Yes, i restored it to default.

I will attach the file.

mbst-grab-results.zip

[Porthos]

3 minutes ago, Icarus34 said:

I will attach the file.

Thanks for the logs. Devs will pick them up.

I see you have Avira. Are you planning to purchase Malwarebytes?

When your trial ends, these blocks will end as well.

[Icarus34]

@Porthos Yes, i will purchase Malwarebytes past tomorrow if not tomorrow, i want it to work along with avira.

Thanks for your fast replys :)

 

[Porthos]

Just now, Icarus34 said:

i want it to work along with avira.

It "should" but I never recommend using anything alongside Malwarebytes except Windows Defender.

Staff still need to find out if these blocks are intended or something to adjust.

@Arthi

 

[Arthi]

Hi,

Thank to everyone who reported this issue and worked with us in providing logs, etc. We have now fixed this issue and it is going through internal testing. If everything goes well, we should be releasing the fix in the next 2 weeks or so. Please bear with us. Thank you.

[Porthos]

The beta that was released today has the anti-exploit fix included.

You may get the beta by enabling BETA updates and checking for updates.

This is the version with the fix.

 

[GeneralMartok]

@Porthos First, I hope you like cheese.  Second, I am having this issue with Node.js and toggled "Beta" and ran the update, but I am still at 4.6.2.  I am reinstalling node (and excluding that folder from scans). Not sure if it will fix it.  Please let me know your thoughts regarding the beta update feature. 

[Porthos]

@GeneralMartok

Please download the following installer and run it. Install over the top of your current installation.

https://downloads.malwarebytes.com/file/mb-windows

Then restart the computer and open Malwarebytes and go to Settings by clicking the small gear icon and go to the General tab, scroll down and enable Beta updates 

You may need to wait up to about 5 minutes or so, but then check for updates on that same General tab or the About tab and let it update to the latest Beta version

Once it has updated, RESTART the computer again and let us know if you're still having an exploit block

[GeneralMartok]

@Porthos  Thank you for the quick reply.  I installed it and the version is at 4.6.4. 

[Porthos]

2 minutes ago, GeneralMartok said:

@Porthos  Thank you for the quick reply.  I installed it and the version is at 4.6.4. 

Qapla'!

[Porthos]

@GeneralMartok Has the beta solved your issue?

[GeneralMartok]

@Porthos Yes it has, thank you!

[GeneralMartok]

@Porthos 

 

There is still an issue with MB working with Node.Js.  

Multiple Entries, here are a few.

-Log Details-
Protection Event Date: 10/3/23
Protection Event Time: 3:51 PM
Log File: 32f666f2-6226-11ee-8d85-8cae4cea21b7.json

-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.75921
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 1
Exploit.PayloadFileBlock, C:\Program Files\nodejs\node.exe, Quarantined, 0, 392684, 0.0.0, 1C583CCED5854388CE3BECD1E866602E, 7128B7A6E4EB4D5EFC9EBD62F72BF76EDC4E34EFFDCCFB1C6B399638521495D1

Exploit: 0
(No malicious items detected)

www.malwarebytes.com

-Log Details-
Protection Event Date: 10/3/23
Protection Event Time: 3:51 PM
Log File: 32dce650-6226-11ee-b88f-8cae4cea21b7.json

-Software Information-
Version: 4.6.2.281  (NOTE: In the UI of MB is shows 4.6.4)
Components Version: 1.0.2131
Update Package Version: 1.0.75921
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadFileBlock, C:\Program Files\nodejs\node.exe, Blocked, 601, 392684, 0.0.0, 1C583CCED5854388CE3BECD1E866602E, 7128B7A6E4EB4D5EFC9EBD62F72BF76EDC4E34EFFDCCFB1C6B399638521495D1

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload file blocked
File Name: C:\Program Files\nodejs\node.exe
URL: 

(end)

 

[Porthos]

1 hour ago, GeneralMartok said:

-Software Information-
Version: 4.6.2.281

This is the issue.

 

On 10/3/2023 at 3:39 PM, GeneralMartok said:

I installed it and the version is at 4.6.4. 

You said you were on 4.6.4.