Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I did not uninstall MBAE yet. I was going to wait until you responded to my post. I have not received another crash yet. Usually I get them if I leave my machine running for several days without rebooting. The last crash made MBAE's tray icon disappear. All of MBAE's processes continued to run even though the tray icon had disappeared. Maybe I am experiencing an application conflict. I am running more security software right now than I normally do.
     
  2. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    When explorer.exe crashes it is normal that some traybar icons will disappear. Reboot to operate in a normal state to continue testing.
     
  3. ratchet

    ratchet Registered Member

    I'm with you on this! I was researching this subject this morning and on Malwarebytes site it listed the conflicts and it doesn't list Sandboxie. What's up with that? Maybe I missed it though!
     
  4. Peter2150

    Peter2150 Global Moderator

    Technically it's not a conflict with SBIE. It just doesn't work with SBIE apparently. Something is needed in SBIE for them to communicate, as we have for HMPA, EMET, ERP, and many other security software.
     
  5. JRBombola

    JRBombola Registered Member

    I'm a noob with certain software, I have Comodo Internet Security Premium installed, along with MBAE and MBAM. Whenever I use MBAE (currently stopped) it says that an exploit has been blocked, RIGHT when I open Google Chrome. Is there any way to fix this? Sorry if you already posted the answer if someone asked, but I wasn't going to look through 62 pages of forum posts. Sorry.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    As of version 1.05 it was moved from the Known Conflicts list (i.e. would not work together) to the FAQ (i.e. how to make them work together):
    https://forums.malwarebytes.org/index.php?/topic/136424-frequently-asked-questions/

    Check the Known Conflicts list:
    https://forums.malwarebytes.org/index.php?/topic/135127-known-issues-conflicts/
     
  7. JRBombola

    JRBombola Registered Member

    It doesn't say anything about Comodo and MBAE being conflicting programs. At first I thought it was just my computer being stupid but I did see that CIS actually has their own little Exploit Stopper, but it's supposedly not as good as MBAE. And I actually did a test to see if it was CIS and it is. Before I installed everything was good, then after installation it happened, I uninstalled, and it worked again... I did that over 3 times, partly because I messed up my internet each time, but also to test my theory about them being conflicting programs.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    We did have Comodo in the list right after release of MBAE 1.05. But after contacting Comodo they fixed it in their latest release according to feedback from other users. Can you please check to make sure you have the latest Comodo release and upgrade if you don't?
     
  9. JRBombola

    JRBombola Registered Member

    I checked both CIS and MBAE, they are up to date, I even tried adding all the CIS related programs to the shields to try that, and it works somewhat. I have to have MBAE off when opening Chrome, then turn it on, and even then sometimes it doesn't let my pages load.
     
  10. Dragon1952

    Dragon1952 Registered Member

    MBAE seems to lock some of the small extension icons in the upper right of screen in Chrome. When I deactivate the shield for Chrome they are good. Also when starting a new tab they sometimes freeze and don't open up a new window.
     
  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    @Dragon1952 can you please PM me the logs from running the FRST utility?
     
  12. JRBombola

    JRBombola Registered Member

    I give up, I am using AVG now, and MBAE works now, obviously this was either a problem with how I set CIS up, or the problem was CIS. I don't know but I am not going to even try and find out.
     
  13. bjm_

    bjm_ Registered Member

    Does MBAE have to be updated each time a protected app is updated? E.g.: MBAE injects into FF34. What happens when FF updates to 35?

    MBAE states no sig updates. Isn't there a HIPS factor that needs behavior rule sets updated?

    May I replace AppGuard and ERP with MBAE? AG Guarded Apps + ERP anti-executable v MB Anti-Exploit?
     
  14. ky331

    ky331 Registered Member

    MBAE identifies programs by their executable name; for example, firefox.exe . As long as the executable name stays the same, MBAE will continue to protect newer versions.
     
  15. bjm_

    bjm_ Registered Member

    Isn't there a HIPS factor that needs behavior rule sets updated?

    Should I rethink my signature and just run MBAE?
     
  16. Rasheed187

    Rasheed187 Registered Member

    MBAE only watches for exploits, but it does not cover the whole system. So if you want to have control over what's allowed to run on your system, you still need ERP. If you want even more protection, you could use AG, but personally I'm not a fan of it, I don't like its approach.

    EDIT: If you want protection against exploits only, MBAE is probably enough. But I just saw your signature, and it seems that you already have quite a lot of protection.
     
    Last edited: Jan 15, 2015
  17. fblais

    fblais Registered Member

    Forgive my ignorance, but what is ERP, please?
    A search on Google only returns pages about Enterprise Resource Planning, but I'm sure that's not what you're talking about. :)
     
  18. Thankful

    Thankful Savings Monitor

  19. DX2

    DX2 Guest

    I'm running CFW v8.0.0.4344 and MBAE experimental. When I launch Chrome, MBAE blocks it saying, Exploit Attempt Blocked, MBAE has blocked an exploit attempt. Can it be just the version of MBAE?
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    I have not used Comodo in a while. Do you know if it injects into almost every process? Maybe it is causing that build of MBAE to flag the false positive. I use Online Armor, and it injects into almost every process so I thought it was worth mentioning if nothing else to eliminate the possibility.
     
  21. DX2

    DX2 Guest

    Yes, I was thinking the same thing, but I'm not for sure if Comodo does.
     
  22. bjm_

    bjm_ Registered Member

    Well, no harm in investigating another mouse trap. Malwarebytes as you know is well respected.
     
  23. bjm_

    bjm_ Registered Member

    So, if malware renames Firefox? Does MBAE prompt? Does MBAE use MD5 / SHA?
     
  24. vojta

    vojta Registered Member

    MBAE is meant to stop malware that installs on your system without your intervention, it doesn't go any further. If you already have malware in your computer that should be stopped with other layers of protection.

    MBAE doesn't protect Firefox, it protects you from Firefox.
     
  25. bjm_

    bjm_ Registered Member

    provided the executable name stays the same as per ky331 #1548
     