Hi,
When I try to open any Word doc(x) file, Word 2010 will not start because it gets blocked by SEPM (MEM).
If I start Word first - without opening a file - Word start fine and I can even open with same file without problems.
Other antivirus/malware software does not find a thing (Malwarebytes, VirusTotal) so this looks some kind of false possitive.
Had the same thing happening with VLC a while ago btw.
Seems like if there was once a vuln in the past Symantec is quick to blacklist exe's?
I'm running an unmanaged client, how can I "fix" this issue, other than disabling MEM?
Relevant log:
85 1/17/2018 12:09:19 PM Memory Exploit Mitigation Critical Incoming None 0.0.0.0 0 N/A 192.168.0.10 0 N/A C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 61010 0 Attack: Return Oriented Programming API Invocation user PC Default 1 1/17/2018 12:09:27 PM 1/17/2018 12:09:27 PM Blocked Attack: Return Oriented Programming API Invocation attack against C:\Program Files\Microsoft Office\Office14\WINWORD.EXE