Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Well, I have a lot of GPO hardening; this could be the reason, since most DLL-injecting apps (HMPA, EMET and MBAE) have an impact on browser launch time. IE + MBAE = 0.8-1 secs extra, Chrome + EMET = 2 to 5 secs extra.

    Playing with EMET, it seems that with IE11 the load time returns to normal when removing the module MSHTML.dll from EAF+ protection (launch time drops from 1.35 to 0.25 secs).
     
    Last edited by a moderator: Sep 20, 2014
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    1-2 secs extra loading time is not that much considering the trade-off of additional browser security.

    As for EMET, I would really discourage turning off important mitigations such as EAF+ and others as it significantly reduces the benefit of having EMET in the first place and can result in a false sense of security.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,297
    I am currently running premium v1.04.1.1012, which I had to install manually. I have yet to see MBAE update automatically. ;)
     
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I noticed that after updating from 1.03 premium to 1.04 premium, I had some problems accessing my online bank accounts. The bank no longer "recognized" my computer, so I had to go through the process of re-validating it.

    Would this be normal?
     
  5. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA

    I'd guess you deleted the cookies that identified you to the bank.

    If you use ccleaner or Slim Cleaner or anything like that... it happens.
     
  6. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Nope - don't think that was it. I have used CCleaner for years and have never had a problem. Hadn't had any trouble until right after the upgrade I mentioned.
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE doesn't touch your cookies or temp files, so I don't think that this could be caused by an MBAE upgrade.

    Does your bank rely on Java for its authentication process? If so did you get an exploit blocked popup from MBAE by any chance?
     
  8. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    That's interesting -- maybe totally coincidental??

    Not sure whether or not they use Java for authentication, but I don't even have Java installed on my computer (if that's what you're referring to??). This all happened several days ago, but I don't recall any MBAE popup. I went through the required re-authentication process with the bank and all's good now.
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,080
    Location:
    DC Metro Area
    MBAE Premium not blocking spaghettiware exploit on Firefox 32. Yesterday, while trying to order a pepperoni pizza from Domino's Pizza using Firefox 32, my Windows 8.1 PC froze. Never happened before. Had to open my PC case and found my hard drive was covered with spaghetti marinara. I guess we finally found one that MBAE won't block. I suspect the garlic disables the Shield. Hope MBAE will be updated to block the new variant that comes with meatballs. Hopefully the garlic will keep vampires out of my OS.

    I think it's some kind of ransomware. 10 minutes later I got an email from a woman offering to come to my house and clean up the inside of my PC case for $10.00. Email was from a Nigerian heiress. She also mentioned something about needing the money to help her get her inheritance.

    Will Malwarebytes clean spaghetti from your PC?

    Ran the malware through VirusTotal, saw nothing. Also ran it through some online Italian cooking sites.
     
    Last edited: Sep 21, 2014
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    If you don't even have Java then the chances of it being MBAE-related are basically nil. More likely your bank pushed out a re-auth request or some other software cleared your auth token.
     
  11. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Hi, this happened to me today... I think I got an online update yesterday...
    No tray icon, but the MBAE services were running in Processes (Task Manager); after a while a pop-up showed this error...

    http://s8.postimg.org/a93ahdn2d/mbae092414.png

    Tried uninstalling and reinstalling... now there are no processes and no tray icon.
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Maybe a corrupt or incomplete upgrade. Happens sometimes when something has the SCM open. Try the following:

    1- Close all apps (browsers, etc.) and uninstall from Control Panel.
    2- Delete C:\Program Files(x64)\Malwarebytes Anti-Exploit and C:\ProgramData\Malwarebytes Anti-Exploit
    3- Reboot
    4- Download and install latest version from malwarebytes.org

    Does it work now?
     
  13. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Yes, now it works after trying your method... Funny thing is, when I download the latest version now it's still mbae-setup-1.04.1.1012,
    the same file as when I downloaded it the first time on 7/9/14. But yesterday the program asked if I wanted to download the program update.

    Right now I'm also trying Windows Firewall Control and have already allowed mbae-svc.exe.
    Maybe I have to whitelist other files so the download can get through perfectly?
    Thanks for your kind assistance, Zero.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Maybe the previous upgrade wasn't performed correctly and this is why you got another upgrade prompt. Anyway, mbae-svc.exe should be the only process you need to allow through the firewall.
     
  15. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    I just started to try the program... So I believe the program that I installed is version 1.04.1.1012.
    So it's a bit strange if suddenly the program says an update is available and asks the user if they want to update...

    So today I tried on another PC... fresh install of Win 7 64-bit... after a while and a couple of reboots I noticed the tray icon was missing.
    Checking through Task Manager I saw 2 entries, mbae.exe and mbae-svc.exe, with no tray icon but no error pop-up.
    On the other PC, Task Manager only reports mbae.exe and the tray icon is visible.
     
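    The exchange in posts 11 through 15 keeps coming back to the same three facts: whether mbae.exe (the tray process) and mbae-svc.exe (the service process) are running, whether the program folders named in the developer's clean-reinstall steps are still present, and which file version is actually installed. The script below is an added example, not code from the thread or from Malwarebytes, that collects those facts in one place so a user can report them instead of guessing. Process names, folder names and the version string come from the posts; which "Program Files" variant holds the install is not stated in the thread, so the script checks the candidates and the service display name is not assumed at all.

```powershell
# Added example (not from the thread or from Malwarebytes): snapshot of MBAE state
# in the terms the posts above use. Run from an elevated PowerShell prompt.

$expectedVersion = '1.04.1.1012'   # version string quoted in the thread

# Candidate install roots; the thread only gives "Program Files(x64)", so the
# exact variant is an assumption and every non-empty root is checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) | Where-Object { $_ }
$candidateDirs = $roots | ForEach-Object { Join-Path $_ 'Malwarebytes Anti-Exploit' }

function Get-MbaeStatus {
    # Process names from the posts, without the .exe suffix Get-Process expects
    $tray    = Get-Process -Name 'mbae'     -ErrorAction SilentlyContinue
    $service = Get-Process -Name 'mbae-svc' -ErrorAction SilentlyContinue

    $status = [ordered]@{
        TrayRunning    = [bool]$tray
        ServiceRunning = [bool]$service
        InstallDirs    = @($candidateDirs | Where-Object { Test-Path $_ })
        FileVersion    = $null
    }

    # Read the file version of mbae.exe from the first folder that contains it
    foreach ($dir in $status.InstallDirs) {
        $exe = Join-Path $dir 'mbae.exe'
        if (Test-Path $exe) {
            $status.FileVersion = (Get-Item $exe).VersionInfo.FileVersion
            break
        }
    }
    return [pscustomobject]$status
}

$s = Get-MbaeStatus
$s | Format-List

# Map the snapshot onto the situations described in the thread
if ($s.ServiceRunning -and -not $s.TrayRunning) {
    Write-Warning 'mbae-svc.exe is running but the tray process mbae.exe is not (the "no tray icon" state from post 11).'
}
elseif (-not $s.ServiceRunning -and -not $s.TrayRunning -and $s.InstallDirs.Count -gt 0) {
    Write-Warning 'Program folders remain but nothing is running; this is the case where the clean reinstall in post 12 applies.'
}
if ($s.FileVersion -and $s.FileVersion -ne $expectedVersion) {
    Write-Output "Installed file version $($s.FileVersion) differs from $expectedVersion mentioned in the thread."
}
```

    The folder list printed by the script is also the list to delete by hand between the uninstall and the reboot in post 12; if the script reports a folder that survives an uninstall, that is the leftover the developer attributes to an incomplete upgrade.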
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    Yes, I've noticed that both MBAE and HMPA will perhaps add 1 or 2 seconds to start up/loading time. So I do wonder if it makes sense to use them both when they are compatible again. Same goes for running apps via Sandboxie, it will also add a small delay. And I'm not sure, but I do think that this "problem" is less noticeable if you are using a SSD.

    What the hell? :)
     
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,080
    Location:
    DC Metro Area
    I was wondering if MBAE was offering rewards for discovering exploits that MBAE doesn't stop.
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We have given bounties in the past for bypasses reported to us responsibly. If you have one simply contact me.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    @ ZeroVulnLabs

    I was reading about Trusteer Apex (not meant for consumers) and I noticed that they are talking about stopping exploits with what they call "stateful application control". What do you think about this, do you think it can be compared with "exploit mitigations" offered by MBAE/HMPA/EMET, or is it perhaps a different kind of exploit blocking method? :)

    http://www.networkworld.com/article...hat-may-compromise-endpoints-and-put-ent.html
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I always try to steer away from commenting on other vendor's technology. In this case the only thing we have to go by is the marketing description which makes it sound that the exploit mitigation part of their product could be comparable to parts of the MBAE Layer3 techniques. Would love to try their product as I know from experience that approach by itself is not enough to detect more advanced exploits. In fact recently Angler Exploit Kit started using memory-only payloads which makes the whole anti-exe/HIPS/AV approach that focuses on the malicious binary moot from the exploit detection perspective.
    http://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html
     
  21. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Can MBAE help, prevent or at least somehow partially protect against this Angler Exploit kit?
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, MBAE detects and blocks this memory-only exploit.
     
  23. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Hi,

    Will you add support for Cyberfox soon, and will it also be available in the free version?

    Thanks
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No plans to add any new browsers in the free version, but you can add as many custom shields as you want in the premium version.
     
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,019
    Pedro, what about LibreOffice? Will you add support for LO?

    And how many custom shields are needed for LO Writer & LO Calc?
    a) Two = Writer -> swriter.exe & Calc -> scalc.exe
    or
    b) Three = Writer -> swriter.exe & Calc -> scalc.exe & LibreOffice -> soffice.exe?
     