Jump to content

Exploit.PayloadProcessBlock when clicking links from Office docs

DoogleSmile

By DoogleSmile
in Exploit

 Share
Go to solution Solved by Porthos,

Recommended Posts

DoogleSmile

DoogleSmile

Posted
Posted

I've just started getting "Advanced Threat Protection" popups from Office when I click on links I know are safe. This is a new bug created by Office if you have an enterprise license and it hasn't been set up properly to allow links.

However, if I click to skip verification to load the link, then Malwarebytes forces Excel to close and pops up the following (It does this with every link in the document):

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 04/12/2023
Protection Event Time: 15:57
Log File: d21300fc-92bd-11ee-84ff-00d8617830f9.json

-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2201
Update Package Version: 1.0.77978
Licence: Premium

-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --single-argument https:\www.walescottageholidays.co.uk\snowdonia-the-llyn-peninsula\llanbedrog-cottages\thefor-the-forge, Blocked, 701, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --single-argument https:\www.walescottageholidays.co.uk\snowdonia-the-llyn-peninsula\llanbedrog-cottages\thefor-the-forge
URL: 

(end)

I can copy and paste the line "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --single-argument https:\www.walescottageholidays.co.uk\snowdonia-the-llyn-peninsula\llanbedrog-cottages\thefor-the-forge" into a command prompt and it works fine to open the page up.

Is there anything I can do to fix this issue? I'm able to simply copy the links and paste them into my browser window in the mean time.

Link to post
Share on other sites
DoogleSmile

DoogleSmile

Posted
  • Author
Posted

I just changed my default browser to firefox, and I get the same issue:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 04/12/2023
Protection Event Time: 16:48
Log File: 034dc808-92c5-11ee-953b-00d8617830f9.json

-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2201
Update Package Version: 1.0.77978
Licence: Premium

-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe -osint -url http:\www.google.co.uk\, Blocked, 701, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe -osint -url http:\www.google.co.uk\
URL: 

(end)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.