Description: Libreoffice gets shut down by MalwareBytes (paid version) if I click Tools / Advanced in LO. Steps to Reproduce: 1. Install MalwareBytes (I have paid version) on Windows 2. Open Windows LO 3. Select Tools, Options from the menubar 4. Select Advanced under LibreOffice Actual Results: MalwareBytes shuts down LO Expected Results: Whatever LO is doing now as opposed to in the past needs to be undone so this doesn't happen. I've had MWB installed a long time and this never happened before. Reproducible: Always User Profile Reset: No Additional Info: Version: 7.2.0.4 (x64) / LibreOffice Community Build ID: 9a9c6381e3f7a62afc1329bd359cc48accb6435b CPU threads: 8; OS: Windows 10.0 Build 19043; UI render: Skia/Raster; VCL: win Locale: en-US (en_US); UI: en-US Calc: CL
Created attachment 174607 [details] what I'm trying to select
Created attachment 174608 [details] what I see quarantined in MalwareBytes
Created attachment 174609 [details] Details from MWB
Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/29/21 Protection Event Time: 10:09 AM Log File: b4aa73d2-08d2-11ec-91e3-c86000cb337a.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44459 License: Premium Export of the MWB block: -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\AdoptOpenJDK\jdk-11.0.10.9-openj9\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: LibreOffice Protection Layer: Application Behavior Protection Protection Technique: Exploit Office scripting abuse blocked File Name: C:\Program Files\AdoptOpenJDK\jdk-11.0.10.9-openj9\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties URL: (end)
The shutdown occurs even AFTER I delete the open-source version of Java I had installed. The directory is completely gone from my windows program folder, but LO still is trying to do something with it and gets shut down by MWB. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/29/21 Protection Event Time: 10:09 AM Log File: b4aa73d2-08d2-11ec-91e3-c86000cb337a.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44459 License: Premium -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\AdoptOpenJDK\jdk-11.0.10.9-openj9\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: LibreOffice Protection Layer: Application Behavior Protection Protection Technique: Exploit Office scripting abuse blocked File Name: C:\Program Files\AdoptOpenJDK\jdk-11.0.10.9-openj9\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties URL: (end)
(In reply to xordevoreaux from comment #5) > The shutdown occurs even AFTER I delete the open-source version of Java I > had installed. The directory is completely gone from my windows program > folder, but LO still is trying to do something with it and gets shut down by > MWB. > > And you did also restart LibreOffice?
Well I HAD to restart LO office because it got shut down. I even removed the user profile, then went back into it again, same result.
I ran a registry cleaner to remove any traces of that open-source Java VM from the windows registry and then relaunched attempted again to select the advanced option in LO draw. MWB shut down LO again, this time for the OTHER open-source Java VM installed, so I know it's not the version of the Java VM causing the problem, it's whatever LO is doing to trigger MWB to shut it down. ------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/29/21 Protection Event Time: 10:37 AM Log File: a2520e8a-08d6-11ec-b938-c86000cb337a.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44459 License: Premium -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\Eclipse Foundation\jdk-16.0.2.7-hotspot\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: LibreOffice Protection Layer: Application Behavior Protection Protection Technique: Exploit Office scripting abuse blocked File Name: C:\Program Files\Eclipse Foundation\jdk-16.0.2.7-hotspot\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties URL: (end)
(In reply to xordevoreaux from comment #8) > MWB shut down LO again, this time for the OTHER open-source Java VM > installed, so I know it's not the version of the Java VM causing the > problem, it's whatever LO is doing to trigger MWB to shut it down. > Can't see why it should be a LibreOffice bug if some other application closes LibreOffice process.
(In reply to Uwe Auer from comment #9) > (In reply to xordevoreaux from comment #8) > > MWB shut down LO again, this time for the OTHER open-source Java VM > > installed, so I know it's not the version of the Java VM causing the > > problem, it's whatever LO is doing to trigger MWB to shut it down. > > > > Can't see why it should be a LibreOffice bug if some other application > closes LibreOffice process. If someone introduced a kluge in the LibreOffice code to provide the list of available Java virtual machines in the Advanced window, and that kluge trips 3rd-party warning systems that LO is attempting to manipulate the operating system in a way identical to that of dangerously exploitative software, the burden is on the LO developers to fix, not something to be foisted on individual users to chase down exceptions in their anti-virus and anti-malware programs, which, in the case of MWB with this particular problem, cannot be excepted, I tried. Subsequently, I either must live with the shut-down and ignore the LO advanced tab altogether or uninstall MalwareBytes. Guess which one's not going to happen.
THis may or may not be the same problem. Selecting File/Send leads to Malwarebytes immediately closing LO. This has only occured since an update of Malwarebytes a few days ago. Malwarebytes Report: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 06/09/2021 Protection Event Time: 17:30 Log File: b5523122-0f2f-11ec-8f7d-70bc105bb0a8.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44700 Licence: Premium -System Information- OS: Windows 10 (Build 19042.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, C:\Program Files\Java\jre1.8.0_301\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: LibreOffice Protection Layer: Application Behavior Protection Protection Technique: Exploit Office scripting abuse blocked File Name: C:\Program Files\Java\jre1.8.0_301\bin\java.exe -classpath C:\Program Files\LibreOffice\program JREProperties URL: (end)
Created attachment 175964 [details] Malwarebyte diagnostic file. When I want to create a database in LibreOffice, Malwarebyte immediately stops LibreOffice with an error. A.BREUILARD
This seems to be a recent "feature" of MalwareBytes: https://support.malwarebytes.com/hc/en-us/articles/4403990352659-Malwarebytes-Anti-Exploit-1-13-1-400-Release-Notes I recommend people affected submit a support ticket to them: https://support.malwarebytes.com/hc/en-us/requests/new
Declare it not your bug if you want but it means I'm skipping using parts of LO affected by it.