Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Same problem with W.7 64 bit.
    EMET 4.1 (Deep Hooks on)
    Account SUA
    UAC Max
    no antivirus real time.

    Where can I download ver. 0.09.5.1000?
     
  2. Rasheed187

    Rasheed187 Registered Member

    I really hope that you can make the GUI a bit more attractive, of course I know that with a tool like MBAE it's not the most important thing, but still. :)

    Btw, I've installed the new version, it's quite stable, but IE 11 still won't run, and even more weird, I can't exclude any process.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Do you also have EMET installed by any chance? If so, uncheck its SimExecFlow mitigation to see if that makes a difference.
     
  4. Rasheed187

    Rasheed187 Registered Member

    No, I'm not using EMET. It's also not a big deal because normally I'm not using IE 11, but I don't like it when things break. ;)

    Also, am I correct that MBAE isn't protecting sandboxed apps? Because when I launch IE 11 via Sandboxie the problem disappears.
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Sandboxie blocks the injection of mbae.dll into a sandboxed process.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Please download and run DDS and send me via PM or email (pbustamante at malwarebytes dot org) the logs.
     
  7. Rasheed187

    Rasheed187 Registered Member

    I get an error when I load the tool (can't run in "Compatibility Mode"), any other options?

    It's also flagged as a trojan on VirusTotal, but I suppose that's a false positive. ;)
     
  8. Baserk

    Baserk Registered Member

    Yes, those FPs from Rising, Kingsoft and Norman can be neglected of course.
    The tool DDS, made by sUBs - well-known to anyone familiar with MBAM forum/history/testing - is fine.
    The same 'compression/packing=>flagging routine' will usually also show f.i. ComboFix detected as malware by such AVs.
     
  9. ky331

    ky331 Registered Member

    Having an issue (F/P detection??) with MBAE at Windows Updates site (IE8) on an XP system. Have e-mailed you all the logs for your consideration.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Got them, thanks. It's a known issue we've had under some weird conditions. We are fixing it now.
     
  11. Solarlynx

    Solarlynx Registered Member

    "Stop Protection" button is shaded from the very start of MBAE. Is it only on my PC?
     
  12. vojta

    vojta Registered Member

    On my PC (XP32) it's not shaded. Can you stop the protection via right-click on the tray system icon?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    It's normal if the user doesn't have full admin privs. From the changelog:

     
  14. Solarlynx

    Solarlynx Registered Member

    No in SUA (Win-7).

    Yes, in SUA I cannot. It's OK in Admin acc.
     
    Last edited: Mar 12, 2014
  15. aztony

    aztony Registered Member

    0.10.0.1000 blocking manual Windows update in XP. Error message on screen 'block exploit'.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes we have this solved already. Sending you and ky331 a new version today to verify the fix.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Can't seem to PM you. Please email me at pbustamante at malwarebytes dot org.
     
  18. Rasheed187

    Rasheed187 Registered Member

    I missed this reply, thanks for the info. :)

    Is there a workaround for this?
     
  19. FleischmannTV

    FleischmannTV Registered Member

    I suppose it's definitely possible, but at the moment there seem to be no attempts on either side to make it happen. With other solutions like HitmanPro.Alert or NoVirusThanks EXE Radar Pro, the vendors themselves have given instructions on how to adjust Sandboxie in order to make it work together with their products.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Can you post some links to that advice?
     
  21. Tarnak

    Tarnak Registered Member

    I had been having a problem getting Adobe Reader to show as a protected app in MBAE when running DW Personal Firewall. See Known Issues & Conflicts.

    I believe it to be solved, after conferring with the developer, Ilya Rabinovich, by e-mail recently.

    However, as posted here, the "Shielded Applications" counter does not work properly, now, since that AdobeReader problem was fixed.
     
  22. FleischmannTV

    FleischmannTV Registered Member

    NoVirusThanks EXE Radar Pro + Sandboxie:
    -http://novirusthanks.org/help-files/exe-radar-pro/#sbie-erp

    HitmanPro.Alert + Sandboxie:
    -http://www.wilderssecurity.com/showpost.php?p=2341146&postcount=1236
     
  23. Rasheed187

    Rasheed187 Registered Member

    Yes, it would be cool if MBAE could offer protection inside the sandbox. I didn't know that HP.Alert already worked together with SBIE. :)

    Btw, a bit off topic, but I noticed that SpyShelter has the ability to monitor sandboxed processes for suspicious behavior.

    So it must be possible to monitor apps in the sandbox. ;)

    What conflict did ERP have with SBIE?
     
  24. siketa

    siketa Registered Member

    ERP was not detecting executions of sandboxed files.
     
  25. Brandonn2010

    Brandonn2010 Registered Member

    I've started using the beta again and have had 0 problems. Nice to see the conflict with HMP.Alert has been addressed.
     