Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes we did find the problem and it's fixed already. The final version will have this issue completely resolved.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yeah, we reported that bug over at the Malwarebytes forum as well.
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hmm interesting choice of including MBAE in this summary of free AVs. Other than MBAE also being "free" there is not much functionality to compare against. But of course one could argue that AE is exactly what all those free AVs are missing, so from a complementary perspective I guess it makes sense.
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yeah. As long as people don't think that they install one of the "best free AVs of 2015" they won't be disappointed, but if they do believe that then they kind of expect too much of the product that they installed.

    It may not be fun if people start writing "this MBAE Antivirus really sucks, it doesn't detect anything, total garbage, stay away" :D
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
  7. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Any application can be classified as a PUP if another installer tries to install it without the user's knowledge. That's why I always choose advance install if it is offered.
     
  9. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Is this program still incompatible with Sandboxie? If not how much does it cost? Thank you!
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Ratchet, we are beta testing MBAE again. I'm not sure if the latest build is compatible with Sandboxie since I don't use Sandboxie often. Pbust added lots of great features. He is working on some bug fixes for the next build right now. It would be greatly appreciated if you could help us beta test. If you are interested download the latest experimental build from zerovulnlabs (pbust) signature above.
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That's a very good point. If they thought they were installing an AV then that's exactly what they would do.
     
  13. Russ64

    Russ64 Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    17
    Location:
    London, UK
    I tried running MBAE (free) but found that it really slowed down opening web pages in Firefox - I am already running WSA (which has Identity Shield) and Trusteer Rapport, are these known to play well with MBAE?
     
  14. Simply put: WSA identity shield and Trusteer Rapport protect your browser against things running on your computer, MBAE protects your computer from things running in your browser. Trusteer overlaps a lot with WSA and a bit with MBAE, WSA internal monitor will also overlap with behavioral protection in MBAE.

    Surprised that it works at all which so much overlap.

    Trusteer loads earlier as MBAE and it should consider MBAE's dll injection into FF a modification of the browser and block it. Probably WSA's identity shield hooks another part of the SSDT which makes TR blind for the injected dll. I woud be afraid that WSA + TR is not as 1 + 1 = double protection, but rather 1 + 1 = half protection.

    Try WSA + MBAE see how that goes
     
    Last edited by a moderator: Mar 31, 2015
  15. Russ64

    Russ64 Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    17
    Location:
    London, UK
    Thanks, I will try that and report back.
     
    Last edited: Mar 31, 2015
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    This is old and might already be fixed by Trusteer in their latest version, but here it is just in case:
    https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE 1.06.1.1018 is now final and available from our website.
    https://www.malwarebytes.org/antiexploit/

    In a week or two we'll start activating the automatic upgrades, so if you prefer not to do anything, simply relax and wait for your MBAE to upgrade itself.

    NOTE FOR BETA TESTERS: If you were beta testing any of the 1.06 beta versions it is advised to uninstall from Control Panel and manually delete the MBAE logs directory (C:\ProgramData\Malwarebytes Anti-Exploit) prior to installing this final 1.06.1.1018 build.

    Changelog
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    @ZeroVulnLabs
    Thank you so much.
    One question, under Application Hardening > Browsers
    BottomUp ASLR Enforcement is unchecked, is this correct?
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Will 1.06 Premium install directly over the top of 1.05 Premium -- and will all of my current Shields be preserved or will I need to re-enter them?
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes that's correct MisterX. You can enable it under advanced settings but it's off by default for certain families.
    TomAZ, yes 1.06 will install on top of 1.05 and it will retain your custom shields.
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Congrats! Great product!
    Can you share new alert look?
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Here's one...

    Untitled.jpg
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Pedro--

    When there's a blocked exploit attempt which was browser 'add-on' related, is there any way to identify exactly which add-on was involved?
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    So far so good with new public release.
     
  25. metmichallica

    metmichallica Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    183
    I have the free version installed. Does it block all exploits?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.