Bug 151771 - Malwarebytes blocks libreoffice
Summary: Malwarebytes blocks libreoffice
Status: CLOSED NOTOURBUG
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
7.4.2.3 release
Hardware: All Windows (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-26 16:58 UTC by Hans Rottier
Modified: 2022-10-31 16:10 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hans Rottier 2022-10-26 16:58:09 UTC 
Description:
When opening a document or starting Writer blank (FileOpen) it is blocked by MalwareBytes as an Exploit

Steps to Reproduce:
1.Install Malwarbytes
2.Start LibreOffice
3.

Actual Results:
LibreOffice stops and MalwareBytes gives a report

Expected Results:
Started application without interference of MalwareBytes


Reproducible: Always


User Profile Reset: Yes

Additional Info:
The report from MalwareBytes:

Malwarebytes
www.malwarebytes.com

-Logboekdetails-
Datum beveiligingsgebeurtenis: 26-10-2022
Tijd beveiligingsgebeurtenis: 15:59
Logbestand: 51a00a0c-5536-11ed-b6f2-f0bf97686fff.json

-Software-informatie-
Versie: 4.5.15.215
Versie componenten: 1.0.1784
Update pakketversie: 1.0.61573
Licentie: Premium

-Systeeminformatie-
Besturingssysteem: Windows 10 (Build 19044.2130)
Processor: x64
Bestandssysteem: NTFS
Gebruiker: System

-Details van exploit-
Bestand: 0
(Geen kwaadaardige items gedetecteerd)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \c c:\Program Files (x86)\ATI Stream\bin\x86_64\clc -Dfp_t=double -Dfp_t4=double4 -Dfp_t16=double16 -DINPUTSIZE=15360 -DAMD_DP_EXTENSION  --emit=llvmbc --march=x86-64 -D__CPU__=1 -D__x86_64__=1 -Dcl_amd_fp64=1 -Dcl_khr_global_int32_base_atomics=1 -Dcl_khr_global_int32_extended_atomics=1 -Dcl_khr_local_int32_base_atomics=1 -Dcl_khr_local_int32_extended_atomics=1 -Dcl_khr_int64_base_atomics=1 -Dcl_khr_int64_extended_atomics=1 -Dcl_khr_byte_addressable_store=1 -Dcl_khr_gl_sharing=1 -Dcl_ext_device_fission=1 -Dcl_amd_device_attribute_query=1 -Dcl_amd_printf=1 -Dcl_khr_d3d10_sharing=1 -o C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.bc C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.cl 1> C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.log 2>&1, Geblokkeerd, 0, 392684, 0.0.0, , 

-Exploit-gegevens-
Getroffen toepassing: LibreOffice
Beveiligingslaag: Application Behavior Protection
Beveiligingstechniek: Exploit Office spawning batch command blocked
Bestandsnaam: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \c c:\Program Files (x86)\ATI Stream\bin\x86_64\clc -Dfp_t=double -Dfp_t4=double4 -Dfp_t16=double16 -DINPUTSIZE=15360 -DAMD_DP_EXTENSION  --emit=llvmbc --march=x86-64 -D__CPU__=1 -D__x86_64__=1 -Dcl_amd_fp64=1 -Dcl_khr_global_int32_base_atomics=1 -Dcl_khr_global_int32_extended_atomics=1 -Dcl_khr_local_int32_base_atomics=1 -Dcl_khr_local_int32_extended_atomics=1 -Dcl_khr_int64_base_atomics=1 -Dcl_khr_int64_extended_atomics=1 -Dcl_khr_byte_addressable_store=1 -Dcl_khr_gl_sharing=1 -Dcl_ext_device_fission=1 -Dcl_amd_device_attribute_query=1 -Dcl_amd_printf=1 -Dcl_khr_d3d10_sharing=1 -o C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.bc C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.cl 1> C:\Users\Henk\AppData\Local\Temp\OCLAA77.tmp.log 2>&1
URL: 



(end)
Comment 1 csyu.279 2022-10-26 21:23:33 UTC 
Resolved

Windows HP Elitebook 

Version: 7.4.2.3 (x64) / LibreOffice Community
Build ID: 382eef1f22670f7f4118c8c2dd222ec7ad009daf
CPU threads: 8; OS: Windows 10.0 Build 19042; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL
Comment 2 Buovjaga 2022-10-31 15:02:45 UTC 
Hans: please report this false positive to Malwarebytes. It is a problem with their software.
Comment 3 Hans Rottier 2022-10-31 16:10:42 UTC 
I did report to Malwarebytes and it is solved.