Jump to content

cPaperless TicTie Calculate Being Blocked as RTP Exploit


NightOwl

Recommended Posts

We use TicTie Calculate by SafeSend cPaperless. Yesterday we installed it on a new, fully-updated computer, but MalwareBytes keeps blocking it as an RTP exploit **after** the initial application use.

TicTie Calculate is a plug-in for Adobe Acrobat Pro. First you install Adobe Acrobat Pro, then make some settings adjustments to Adobe Acrobat Pro, and finally you install the TicTie Calculate plug-in.

When you open Adobe Acrobat Pro, TicTie Calculate checks for a folder at C:\cPaperless. If the folder does not exist, it will create the folder.

After reading around in this forum, I tried the following unsuccessfully...

  • Detection History > Allow List > Allow a previously detected exploit > Nothing is listed here even though history shows the record that is listed below.
  • Enabling beta updates in General > Beta updates
  • Disabling Exploit Protection in Security > Exploit Protection > Advanced settings > Unchecking all options under "PDF readers"
  • All of the above settings were returned to their default values after confirming they did not resolve the issue.

The only thing that I found to allow Adobe Acrobat Pro to function with the TicTie Calculate plug-in is to disable application protection in Security > Exploit Protection > Manage protected applications > Adobe Acrobat

Since this computer handles a lot of sensitive documents - including a lot of PDFs - we are concerned that we are not opening ourselves up to an attack vector. Is there a better way to handle allowing TicTie Calculate to work with Adobe Acrobat Pro without completely disabling Adobe Acrobat Pro exploit detection?

Here a blocked exploit log...

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/3/24
Protection Event Time: 3:19 AM
Log File: c7471880-c27d-11ee-9ee2-168261453cae.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2242
Update Package Version: 1.0.80460
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3996)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe \c if exist C:\cPaperless\TTCPlugin\CustomSymbols\CustomSymbols.pdf echo Folder already exists, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Adobe Acrobat
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe \c if exist C:\cPaperless\TTCPlugin\CustomSymbols\CustomSymbols.pdf echo Folder already exists
URL:


(end)

Thanks for your insights.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Good day @NightOwl

Sorry for the delay. It looks like the system did no appear to alert about your post. Can you please gather some logs so I can check on them and submit for review if needed.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.