
Exploit.PayloadFileBlock on cmd.exe. False positive or actual threat?


fr8as98


I've noticed these alerts happening on 9/12, 9/16 and 10/11.  I can't seem to find a clear answer on what is causing this and what further to do about it.

Is this evidence of an actual threat being blocked or a false positive?  If actual threat, is there any further way to figure out where it came from and how to stop it from happening again?

 

Screenshot 2023-10-11 154411.jpg


Having the same issue.

It's asking me to reboot my machine, but I'm concerned about this, since it's saying it quarantined this system file.

How should I proceed? I cannot update MWB unless I reboot.
 


 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/17/23
Protection Event Time: 6:57 PM
Log File: 8b3d038c-6d40-11ee-b441-e0d55e0a0c7f.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.76299
License: Premium

-System Information-
OS: Windows 11 (Build 22621.2428)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadFileBlock, C:\WINDOWS\system32\cmd.exe, Blocked, 601, 392684, 0.0.0, 5A6BE4D2519515241D0C133A26CF62C0, 423E0E810A69AACEBA0E5670E58AFF898CF0EBFFAB99CCB46EBB3464C3D2FACB

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload file blocked
File Name: C:\WINDOWS\system32\cmd.exe
URL:

 

(end)

 

 


You are not up to date.  From your log...

Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.76299

As @Porthos had posted...

On 10/12/2023 at 8:45 AM, Porthos said:

It was an issue with the exploit protection, an FP. Version 4.6.4 corrected it.

 


3 minutes ago, MrFr33z3 said:

This is also stating it will screw up my development environment by deleting node.exe on reboot, which I require for development.

Please advise, as I'm in the middle of working on a project.

If the files are quarantined after restart they can be restored.

Get the restart and get the update done and the actual cause will be fixed.
