npm –v triggered detection, false positive?

[Shumba]

Note, a clean install of windows 11 on a new drive.

Relatively new to scripting but I have installed Nodejs seemingly with no issues from nodejs.org.

Today however I open up command prompt and type “node –v” .. no problems.

I then however proceed to type “npm –v” and things gets blocked and put in quarantine for “Exploit.PayloadFileBlock”.

C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js

C:\Program Files\nodejs\node.exe

My first thoughts are this has to be a false positive right? But I have 0 experience with node so.. where do I go from here?

Thanks.

[cli]

This is and Anti-Exploit detection, please post in https://forums.malwarebytes.com/forum/192-exploit/. Thanks.

[Porthos]

47 minutes ago, Shumba said:

My first thoughts are this has to be a false positive right? B

It is and a fix is going through internal testing. Hope to be released in a couple of weeks.

[Shumba]

Thank you I look forwards to that patch =D

The allow list doesn’t appear to work for these 2 files ether lol. I guess I’ll just turn it all off \O.o/

[Porthos]

The beta that was released today has the anti-exploit fix included.

You may get the beta by enabling BETA updates and checking for updates.

This is the version with the fix.