Jump to content

False positive for the IIF Transaction Creator


BigRedConsulting

Recommended Posts

Customer previously reported that they tried to add it to the ignore list but it didn't stick:

"I followed directions to re-enable it then restarted Excel and my malware protection software, Malwarebytes, prevented Excel from loading. I opened Malwarebytes and told it to allow the .xla file. I then ran Excel again and Malwarebytes again blocked Excel from starting."

IMO this is somewhat rude behavior on the part of Malwarebytes, to actually cause Excel to choke when trying to load an add-in that you don't happen to like..., that the user has indicated they want to load...

 

In any case, maybe the customer doesn't know how to add it to the ignore list properly.  Do you have steps?

 

Best,

Steuart

Link to post
Share on other sites

The client writes:

"I have tried it multiple times and found that no matter whether I stand on both feet, only the left, or only the right, nothing works. I am sending two text files because Malwarebytes creates two files every time I try to run Excel with the BRC add-in. I also did a screenshot to show that it has happened multiple times.

"I had read Malwarebytes help files for problems such as mine and it is supposed to let you open a detected problem in the history and create an exception for it, but Malwarebytes will not allow me to open history items from the page where I am supposed to be able to accomplish that task."
------------------------------------------------
One of the log files appears to be you stopping the add-in from downloading a configuration text file from our site. Why would you do that? Downloading files is a rather standard thing computer do...
 
The other identifies a "Exploit.HeapMemoryCodeExecution". I don't know what that means, but I'm thinking it's either a false positive or something is happening indirectly through the Excel app that the add-in has no control over.
 

Detection History.jpg

9-19-23 at 1001 Exploit.txt 9-19-23 at 1001 Exploit He...eExecution.txt

Link to post
Share on other sites

OK, well there's no special code in the add-in that works directly with memory addresses. It's VBA code working within Excel's framework. So, not sure what Malwarebytes is seeing.

When can I expect an update on this?  Our tools aren't doing anything wrong and your app is hampering both our business and our clients' businesses.

Link to post
Share on other sites

  • 2 months later...
  • 2 weeks later...
On 12/27/2023 at 1:06 PM, BigRedConsulting said:

What can I do to keep this from happening?  For example, I could supply a list of add-in file names.

The only thing you can do is tell your users to follow the instructions given in this post.

@Arthi

 

Edited by Porthos
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.