DBADoug

ExpertNovice - I just wanted to point out that the suspected Silverlight issue did no have to do with it being installed on my computer but rather that a Silverlight upgrade had been performed on the site I was accessing. That said, I'm no longer convinced that was the true (or only) cause. One would expect the Silverlight upgrade to produce the Anti-Exploit alert once, the first time the upgraded site was accessed. However, I continue to have intermittent occurrences of the Anit-Exploit alert. My network admin and I are now beginning to think it is a conflict with other security packages, namely System Center Endpoint Protection (SCEP) in our case. The Anti-Exploit alerts only occur when I'm running my automated tests (which access mostly internal intranet web sites) AND when a SCEP security scan is running at the same time. Yet it doesn't happen every time, so we're thinking it must also have to do with the timing of which local cache files are being accessed by SCEP and/or Internet Explorer, potentially causing a conflict and triggering the Anti-Exploit alert. At any rate, the behavior is seemingly inconsistent, but we are confident there is no true exploit occurring and believe it is likely just a conflict between security products. Just wanted to mention that since you said you are evaluating MWB to see if it should be added to already-existing security layers.

Hi Ron, From taking a look at the Known Issues & Conflicts page, I'm now fairly well convinced that the likely cause of the alert is related to the known issue having to do with Silverlight upgrades. Although I wasn't accessing Netflix, I was accessing a custom web site we developed that just underwent an Silverlight upgrade. I have not been able to reproduce the alert - it happened just the one time and I've accessed the same site multiple times since then. Unless I get more alerts, I am going to assume this was the cause. I do appreciate your response and the help of others on the forum. Thanks, Doug

Uploading image as JPG instead of PNG as Dave suggests (although the file attachment tool says says PNG files are an accepted file type). Thanks Dave

Kept getting "upload failed" when trying to attach the screens shot of the MBAE popup (png format), so will abandon that effort. All the relevant details are described in the text of the original post anyway.

This is the MBAE popup:

This morning I received an anti-exploit alert with "File/Process Blocked" and "Attacking URL" both saying "N/A." Specifically, the alert says it's "Internet Explorer (and add-ons)," Protection Layer: "Application Hardening," and Protection Technique: "Exploit blocked by Anti-HeapSpray Enforcement". I would like to know the root cause, as I have not recently updated any software on the computer (at least knowingly) and was running standard tests mostly against internal (intranet) sites, so I am posting my MBAE logs as recommended. Thanks in advance for your help. Malwarebytes Anti-Exploit.zip