Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. haakon

    haakon Guest

    1.05 is a cyber-ancient one year old. Are you saying the more mitigations you expect have not yet been included in 1.08?

    An assumption here would be you were not running any other product which might have prevented/alerted to the download. Yes, no?
     
  2. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    I only shared some observations I made back with Anti-Exploit 1.05.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  4. haakon

    haakon Guest

    Understood. Likewise, whenever I reply to a suspension setting inquiry on a Supersport forum, I always relate experiences I had with my 1996 Suzuki 600. :D
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Today Cyberfox stopped working for me with protection enabled in AE 1.08.1.1045 on Win Ent LTSB N x64 (10586.63) after installing latest uBlock beta version with 0xc0000018. The crash stack says this is because of Dynamic AntiHeap protection.

    An option to automatically submit such crashes would be nice.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Do you still receive the same problem after rebooting or going through a fresh re-install?
     
  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Fresh install of Win/Cyberfox?
    I did not try that (I'll wait until the next uBlock update, but I think it does not have anything to do with that addon). But I restarted Windows and got the same problem, even worse now because I disabled Cyberfox protection within the given AE list and re-enabled the software but still got the problem. So I think it's Cyberfox's fault or Windows' (maybe because of the latest KB).
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Fresh install of MBAE.
     
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Sadly it did not help me.

    Edit:
    What I also noticed is that after a fresh installation (if Cyberfox is running) it also crashes the browser.
     
    Last edited: Jan 18, 2016
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you post or PM me a FRST log?
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    either only for cyberfox or for 64bit. Firefox v44 x86 is performing well with MBAE in background. ublock origin 1.6.0beta3 <-- install update first
     
  12. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Thank you Brummelchen & ZeroVulnLabs, the problem dissipated after another beta uBlock update today. I restarted Win and installed the update (stopped/started) the protection and now it works. Strange, isn't it? Maybe I'm too fast and should wait for stable next time, my fault....

    However the only problem is that the Browser is crashing while you install MBAE, which I reproduced on all my machines (VM and real). But I sent logs to possibly solve that, not really a "big problem", just restart browser, but I think the Dynamic AntiHeap protection is what Cyberfox does not like. I also submitted the log to the Cyberfox/Mozilla team.
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    i think that depends on plugins. but it did not happen here the last versions. and my download-plugin for dlm.
     
  14. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    please release a new version!
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Really liking the Premium version, it has pretty much everything covered already lol. Didn't have to add any custom shields, unless I wanted to be really "paranoid".

    Switched from HMP.Alert, and I actually find this faster and less buggy... For one, there is a longstanding issue of lack of whitelisting in that program and this doesn't seem to have it.
     
  16. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Why, do you have a problem with the current one?
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,009
    1.08.1.1045 / November 23, 2015
    1.07.1.1015 / July 24, 2015
    1.06.1.1019 / April 23, 2015
    1.06.1.1018 / March 31, 2015
    1.05.1.1014 / December 1, 2014
    1.04.1.1012 / September 4, 2014
    1.03.1.1220 / June 12, 2014
    https://www.malwarebytes.org/support/releasehistory/
     
  18. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    malwarebytes-anti-exploit NOT FULLY PROTECTED

    Exploit Test Tool
    http://dl.surfright.nl/hmpalert-test.exe
     
    Last edited by a moderator: Jan 23, 2016
  19. guest

    guest Guest

    I would like to activate all the settings in the advanced protection section.
    The problem is, how do I know, when an app crashes, which MBAE advanced setting X is causing it?
    Could you add a feature to facilitate this? The idea would be to activate all the settings and then use the app crashes to lower them down.
     
  20. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    1. Do you even know how to test exploit mitigation software?
    2. Anti-Exploit will not automatically 'protect'/recognise the HMP.Alert test tool, you will have to add it manually to Anti-Exploit.
     
  21. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    lol, i know this. are you using malwarebytes Anti-Exploit ?

    malwarebytes anti-exploit (latest version)

    (chrome + ie)
    ROP - WOW64 bypass > fail
    ROP - Exploit WOW64 > fail
    Heap Spray 1 > fail
    Heap Spray 3 > fail

    malwarebytes anti-exploit is totally crap
     
  22. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    ... but it's still installed on my computer. :'(
     
  23. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    I use different configurations depending on my needs :)

    Every company has its own marketing strategy: SurfRight likes to compare HitmanPro.Alert to other anti-exploit tools by providing a test tool, Malwarebytes publishes a blog post about Anti-Exploit stopping Angler or Neutrino every two weeks, Microsoft simply says: EMET is great but can be bypassed and PaloAlto says: Traps is the best, but we don't allow anyone to test it.

    I only judge exploit mitigation software after running a set of custom test cases. Running individual test cases provided by the HMPA test tool is a first step, but the tool does not simulate a multi-staged exploit with heap spray, info leak, ROP chain, shellcode execution, EoP and payload delivery.

    I also don't like to just bash on security software as it is unlikely that I can make a better solution in my spare time.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, it's quite silly to say that MBAE is crap, even though HMPA might be using a couple of more advanced anti-exploit techniques. And from what I've understood, the exploit test tool is indeed not enough to judge other apps when it comes to exploit blocking capabilities. I think both MBAE and HMPA are great tools.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,925
    4 of 6 postings and all what i read is whining, flaming and boring. if you don't like it - uninstall and don't bother us instead support.
     