Jump to content

Can't open .xls file with macros from explorer


Recommended Posts

I have Eset Protect and Endpoints in Windows 10 computers

When double clicking a .xls file with macros, Eset shows a notification saying that it will scan the file.

Menwhile Excel opens but says that it CANT open the file.

Eset then announces that the file is safe.

Closing excel and opening it again, now the file works.

 

So, double click in an .xls file -> eset blocks and scan -> Excel says it cant open the file -> eset says the file is Ok -> close Excel -> Open file again

I tried disabling macros in excel but the problem is prior to excel loading.
Converting the file to .xlsx works but these files are generated by a system

One workaround is opening Excel and then opening the file from within Excel but its time consuming.

 

image.thumb.png.df0e5cc2bc778c4a3468d00860ff331f.png

 

 

 

Link to comment
Share on other sites

Latest version installed: 

 

image.png.7b829e2c5c0404ee2b429059e8d32635.png

.xls files are not on a network drive but locally downloaded.

Link to comment
Share on other sites

  • Administrators

Where are the files downloaded from? Please provide a Procmon log from opening an xlsx file as it's not clear where they are located if not on a local or network drive.

Link to comment
Share on other sites

Files are downloaded from outlook.com

But it doesn't matter where the files came from. I can copy the file or unblock it in the properties.

I will procure a procmon log.

In the meantime, you can see an example of this files here: https://dropmefiles.com/KdK3N

Link to comment
Share on other sites

3 hours ago, Nr2 said:

So, double click in an .xls file -> eset blocks and scan -> Excel says it cant open the file -> eset says the file is Ok -> close Excel -> Open file again

This sounds to me like normal LiveGuard cloud scanning behavior on unknown low reputation potentially suspicious files. Once the file is scanned and deemed safe, the file will not be blocked in the future.

Link to comment
Share on other sites

  • Administrators

Yes, it appears to be a normal behavior of LiveGuard when proactive protection is enabled. You could create an exception by excluding "*.outlook.com/*" from submission. It should work with urls too.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...