Exploit payload false positive when I use Powershell

[Otomatic]

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 08/09/2023
Heure de l'événement de protection: 16:39
Fichier journal: 8e715cba-4e55-11ee-bc8f-c87f549f210b.json

-Informations du logiciel-
Version: 4.6.1.280
Version de composants: 1.0.2117
Version de pack de mise à jour: 1.0.75025
Licence: Premium

-Informations système-
Système d'exploitation: Windows 11 (Build 22621.2215)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails de l'exploit-
Fichier: 0
(Aucun élément malveillant détecté)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::Default, Bloqué, 701, 392684, 0.0.0, ,

-Données de l'exploit-
Application concernée: cmd
Couche de protection: Application Behavior Protection
Technique de protection: Exploit payload process blocked
Nom du fichier: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::Default
URL:

 

(end)

[Porthos]

@Otomatic

Please do the following so that we may take a closer look at your system.

Please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply
  
   

Thank you

[Otomatic]

Hi,

Below is the requested file.

mbst-grab-results.zip

[Otomatic]

C'est bien détecté comme un Exploit et on devrait pouvoir l'exclure de la détection en suivant la procédure, sauf qu'il n'apparaît pas dans la liste des Exploit pouvant être exclus.

Voir les copies d'écran ci-dessous:

 

[Porthos]

Quote

Hi,

Thank you to everyone who reported this issue and worked with us in providing logs, etc. We have now fixed this issue and it is going through internal testing. If everything goes well, we should be releasing the fix in the next 2 weeks or so. Please bear with us. Thank you.

Edited 17 hours ago by Arthi

 

[Otomatic]

It seems that the latest update 4.6.3.3282 pack 1.0.7575 component 1.0.2151 has solved the problem.

You can consider this resolved.

Thank you.

[Otomatic]

Bonjour,

I concluded too quickly!

Alas, it's not over yet.

[Porthos]

The beta that was released today has the anti-exploit fix included.

You may get the beta by enabling BETA updates and checking for updates.

This is the version with the fix.

 

[Otomatic]

Hi,

Thank you. I'll give an opinion tomorrow.

As I'll be spending most of the day developing, it's great timing to see the effects of this update. I'll reset the history.

[Otomatic]

Hi,

I think this time it's the right one!

No exploits have been detected, and there have been dozens of Powershell command-line scripts and PHP scripts!

Case closed!

Thanks a lot.