d4005 Posted September 17, 2023 ID:1589506 Share Posted September 17, 2023 I've got a batch file that runs continuously while my Windows 11 machine is on and it's recently (last 2-3 days) started getting this exploit warning which stops the batch file from running. The strange thing is that it runs around twice a minute doing the same things but it's only once or twice a day that MalwareBytes decides it doesn't like what it's doing and stops it. The batch file is looking in a directory for some filenames and if it finds them, it "processes" their filenames by replacing certain characters and then moving them to another folder. It's the renaming of the filenames that's causing MB to to halt the batch file. Here is an example of one of the commands (this one removes exclamation marks from the filenames): PowerShell.exe -Command "dir *.m* | Rename-Item -NewName { $_.name -replace '!',''}" I've tried adding the batch file name to the allow list but that didn't help. It's not the batch file it's unhappy with, it's the individual commands within the batch file. I think if I were to add powershell.exe to the allow list that might work, but if powershell has the power to "do bad things" then it's probably unsafe to do that. Any ideas? Maybe I can add the full command line (PowerShell.exe -Command "dir *.m* | Rename-Item -NewName { $_.name -replace '!',''}") and each of the other commands I do to the allow list, but I'm not sure if the allow list takes command parameters into account. I might find that I'm just adding powershell.exe ten times. Link to post Share on other sites More sharing options...
Porthos Posted September 17, 2023 ID:1589514 Share Posted September 17, 2023 1 hour ago, d4005 said: Any ideas? Until this is fixed, you will have to disable exploit protection to run the script. Link to post Share on other sites More sharing options...
d4005 Posted September 17, 2023 Author ID:1589533 Share Posted September 17, 2023 1 hour ago, Porthos said: Until this is fixed, you will have to disable exploit protection to run the script. That seems even more extreme than what I've done. I've added powershell.exe to the allow list. It remains to be seen if that's helped because it takes hours (hundreds of executions of the script) to find out if MalwareBytes is going to stop interrupting that script. If it does help, I'll try removing it from the allow list once a month - maybe MB will decide it was a step too far, stopping powershell from doing a fairly straight forward command. I'm sure lots of people will complain and lots of programs will no longer be able to do basic things. Link to post Share on other sites More sharing options...
d4005 Posted September 17, 2023 Author ID:1589568 Share Posted September 17, 2023 3 hours ago, d4005 said: That seems even more extreme than what I've done. I've added powershell.exe to the allow list. It remains to be seen if that's helped because it takes hours (hundreds of executions of the script) to find out if MalwareBytes is going to stop interrupting that script. If it does help, I'll try removing it from the allow list once a month - maybe MB will decide it was a step too far, stopping powershell from doing a fairly straight forward command. I'm sure lots of people will complain and lots of programs will no longer be able to do basic things. Allowing the batch file didn't work. Allowing powershell didn't work. You'd think that a powershell command in a batch file causing MB to complain about exploits would be satisfied by both of them on the allow list. Seems not. Link to post Share on other sites More sharing options...
Solution Porthos Posted September 17, 2023 Solution ID:1589569 Share Posted September 17, 2023 Quote We have now fixed this issue and it is going through internal testing. If everything goes well, we should be releasing the fix in the next 2 weeks or so. Please bear with us. Thank you. Link to post Share on other sites More sharing options...
d4005 Posted September 17, 2023 Author ID:1589573 Share Posted September 17, 2023 5 minutes ago, Porthos said: Oh cool. Thanks. Link to post Share on other sites More sharing options...
Porthos Posted September 28, 2023 ID:1592071 Share Posted September 28, 2023 The beta that was released today has the anti-exploit fix included. You may get the beta by enabling BETA updates and checking for updates. This is the version with the fix. 1 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now