Abdullah Alharbi
Posts: 5
Joined: 2020-02-05
|
Hello,
We have an Excel add-in and one of our users reported that their protection software (Malwarebytes) is blocking Excel when having our add-in loaded. Could you please guide us as to how to fix this?
Abdullah Alharbi (Excelguru.ca) |
|
Andrei Smolin
Add-in Express team
Posts: 18793
Joined: 2006-05-11
|
Hello Abdullah,
I assume the antivirus produces some records related to this issue. Do these records suggest anything? What are the records?
In case you use Add-in Express panes (ADXExcelTaskPane), try to deploy {Add-in Express installation folder}\Redistributables\{IntResource.dll and IntResource64.dll} along with other files of your add-in.
Andrei Smolin
Add-in Express Team Leader |
|
Abdullah Alharbi
Posts: 5
Joined: 2020-02-05
|
Hello Andrei,
Thank you for your response. Our user provided the following log.
Log from end user:
-Log Details-
Protection Event Date: 10/16/20
Protection Event Time: 7:00 PM
Log File: 61d48cb0-1003-11eb-b636-4845206bb6f5.json
-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1070
Update Package Version: 1.0.31468
License: Premium
-System Information-
OS: Windows 10 (Build 18362.1139)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Malware.Exploit.Agent.Generic, C:WindowsSysWOW64
undll32.exe C:WindowsSysWOW64
undll32.exe C:WindowsSystem32dfshim.dll,ShOpenVerbShortcut C:UsersmitchAppDataLocalApps.0QY16ZPAH.GYPVR6REKBX.AYGmonk..ools_4dc9f9b35674fc44_0001.0000_5b219144505ba773Monkey Tools.appref-ms|, Blocked, 0, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: Microsoft Office Excel
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:WindowsSysWOW64
undll32.exe C:WindowsSysWOW64
undll32.exe C:WindowsSystem32dfshim.dll,ShOpenVerbShortcut C:UsersmitchAppDataLocalApps.0QY16ZPAH.GYPVR6REKBX.AYGmonk..ools_4dc9f9b35674fc44_0001.0000_5b219144505ba773Monkey Tools.appref-ms|
URL:
I'm not sure if this is what we're looking for
Abdullah Alharbi (Excelguru.ca) |
|
Andrei Smolin
Add-in Express team
Posts: 18793
Joined: 2006-05-11
|
Hello Abdullah,
Thank you. It looks like your ClickOnce installer creates a shortcut (desktop icon) and the antivirus doesn't like it. I think you have two ways: 1) avoid creating it or 2) contact the antivirus vendor.
Andrei Smolin
Add-in Express Team Leader |
|