Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,008
MBAE removed from my PC, but the black screen problem remains.
That means that it isn't an MBAE bug and I have to look somewhere else...

    OS: Windows 10 Pro x64 (Version 1511 - Build 10586.104).

    Update:
Suspect found: it was the Total Mail Converter, which I installed a few days ago.
TMC uninstalled, MBAE 1.08.1.1189 reinstalled.
    No problems so far.
     
    Last edited: Feb 10, 2016
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    TMC from giveaway is crap.
     
  3. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,008
    A lesson I learned the hard way........
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
I don't mind such experiments; I use Sandboxie for that reason ;)
Collecting some of the goodies for exchange with friends, that's all. I like some of the games, in particular Playrix/Alawar/Immanitas/BigFish; some I play as the German version. Concerning emails, EML or MBOX is the best-known export/import format if the program offers it, and many do. I have been using the Becky! mailer for ~20 years now, since v1, and I am still satisfied. Some IMAP issues in between, but solved fast. Carty is reliable, worth each penny.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  6. haakon

    haakon Guest

    But, but, it's... M O B I L E F R I E N D L Y !
     
  7. Indred

    Indred Registered Member

    Joined:
    Apr 26, 2007
    Posts:
    2
    Location:
    Belgrade, Serbia
    I've read about the known issues with Comodo - namely:

    "New Comodo Bug. We found a second new bug in Comodo which may cause conflict with MBAE and result in browsers not being able to open correctly. It seems when Comodo injects before MBAE there is no problem, but if MBAE injects before Comodo then Comodo doesn't handle the hooks correctly. A fresh re-install of MBAE solves the problem in most cases."

    As I experienced this issue first-hand (using the MBAE Free trial), I wanted to say that there is no need to add your browser to Comodo's Defense+ shellcode injection exclusions and risk some of your security, as some people suggested. There is a better workaround, at least until an official fix comes from Comodo.

    In Comodo's Advanced Settings -> Security Settings -> File Rating -> File Groups, create a new group called MBAE, for instance, and add the entire MBAE folder to it. Next, in Defense+ -> HIPS -> HIPS Rules, add the newly created file group MBAE and treat it as a Windows System Application.

    With this, there will be no more hanging browser issue, and you can use both programs' features.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    MBAE ver. 1.08.1.1189 - Exploit Test Tool (HPA3) ver 1.9.2
    W.7 Home (64-bit) PC (my daughter's)

    http://sendvid.com/9gch8hq3

    Is there someone who can do a test with EMET 5.5?
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Did you do these tests with AE installed with defaults, or did you use a custom setup?
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    [screenshot attached] I tried downloading the test file, and this is what I get.
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I see you were trying the 32-bit version. Anybody try the 64-bit version on Windows 10?
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    Last edited: Feb 29, 2016
  13. @ZeroVulnLabs

    Pedro, Chrome with AppContainer does not show MBAE.dll, see picture. Does this limit the effectiveness of MBAE? (It is still injected in the broker and GPU processes with Medium and Low integrity level.)

    Regards Kees

     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    Hi Kees:

    [screenshot attached]

    For me it is OK.
     

  15. Thx, I am on 32 bits; that seems to be the only difference.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This got me thinking regarding EMET and injecting into AppContainer-protected Chrome processes, and the difference between 32-bit and 64-bit Windows. Since EMET injection is slightly off-topic from MBAE, I will put this into a Spoiler below:
    So, your comment got me thinking about AppContainer-protected processes of Chrome and the injection difference between 32-bit and 64-bit Windows regarding EMET (and possibly MBAE). On 64-bit Windows, EMET is reporting that protection is NOT enabled on the AppContainer-protected Chrome processes, yet Process Explorer shows EMET64.dll being injected. So it appears to be injected and protected, but not reporting back to the EMET GUI correctly. But anyway, because of your comment, I decided to fire up a Windows 8.1 32-bit virtual machine and do a similar setup with AppContainer-protected Chrome processes. And similar to what you mentioned here with MBAE, there were no EMET DLLs injected at all in the AppContainer-protected Chrome processes. So it appears that there may be some difference here in the way that EMET (and MBAE) is (or is not) able to inject into AppContainer-protected Chrome processes on 32-bit Windows. Interesting, indeed. I am not a programmer/developer, so I do not know what to make of this on a technical level.
     
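    A way to check the same thing on your own machine, as an added example that is not part of the thread and not Malwarebytes' or Microsoft's tooling: it lists every chrome.exe process, classifies it by its --type= switch (renderer, gpu-process, or the browser process when no switch is present) and reports whether an anti-exploit DLL is loaded in it. The DLL name patterns are assumptions covering the names mentioned above (MBAE.dll, EMET64.dll); it must run from an elevated PowerShell of the same bitness as Chrome, or module enumeration fails.

```powershell
# Added example (not from the thread or from Malwarebytes): report which Chrome
# processes have an anti-exploit DLL loaded, grouped by Chrome process role.
# Assumptions: elevated PowerShell, same bitness as Chrome; the DLL name
# patterns below are assumed from the names discussed in the thread.
param(
    [string[]]$DllPatterns = @('mbae*.dll', 'emet*.dll')
)

function Get-ChromeInjectionReport {
    param([string[]]$Patterns = $DllPatterns)

    # Win32_Process exposes the command line, which Get-Process does not
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'"

    foreach ($p in $procs) {
        # Chrome child processes announce their role with --type=<role>;
        # the main (broker) process has no --type switch
        $role = 'browser'
        if ($p.CommandLine -match '--type=([^\s]+)') { $role = $Matches[1] }

        $loaded = @()
        $err = $null
        try {
            $modules = (Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules
            foreach ($m in $modules) {
                foreach ($pat in $Patterns) {
                    if ($m.ModuleName -like $pat) { $loaded += $m.ModuleName }
                }
            }
        } catch {
            # Access denied or bitness mismatch: report it instead of
            # silently treating the process as "not injected"
            $err = $_.Exception.Message
        }

        [pscustomobject]@{
            PID        = $p.ProcessId
            Role       = $role
            Injected   = ($loaded.Count -gt 0)
            LoadedDlls = ($loaded -join ', ')
            Error      = $err
        }
    }
}

Get-ChromeInjectionReport | Sort-Object Role, PID | Format-Table -AutoSize
```

    Renderer rows showing Injected = False while the browser and gpu-process rows show True reproduce the behaviour described above; a non-empty Error column means the process could not be inspected, which is not the same as the DLL being absent.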
  17. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    I don't think Sampei is using the AppContainer tweak, because "livello obbligatorio non attendibile" seems to be "integrity level untrusted".
     
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
  19. @Sampei Nihira

    Are you on 8, 8.1 or 10?
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
  21. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    AppContainer doesn't exist on 7. You can enable the switch, but it would have no effect.
     
  22. @ZeroVulnLabs Chrome with AppContainer seems to block MBAE.dll.

    QUESTION: How does this affect the protection offered by MBAE?
     
  23. SpeedyPC

    SpeedyPC Registered Member

    Joined:
    Dec 27, 2010
    Posts:
    105
    Location:
    The Land of OZ (Australia)
    Question: how come PDF-Viewer and Media Player Classic weren't included in MBAE instead of being manually added to the shield protection? Is there a reason why we can't include these as part of the premium package?

    Cheers ;)
     
  24. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    158
    You should be able to add any program(s) you wish... as well as have more "standard" programs protected... when you're running the PREMIUM (Paid) version of MBAE --- you're only limited when using the free version.
     
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,366
    Location:
    Italy
    Hi Pedro.
    MBAE Premium does not protect the Apps (AppContainer level).
    I did a test with the default Apps:
    Photos
    Video
    Music

    [screenshot attached]
     
    Last edited: Apr 19, 2016