Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I already tried stopping MBAE and then restarting; when I installed MBAE I first stopped its protection, then I opened sandboxed Mozilla Firefox and then I restarted MBAE's protection, but then nothing happened, again.
    Sorry, but no luck with Sandboxie 4.14.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Aha! Thanks for the added info. Does seem a shame to roll back to 3.76, especially with SBoxie patches for W8.x 64-bit.
    Maybe HMPA is the way to go...
     
    Last edited: Jan 30, 2015
  3. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    You'll also need to be using the template in the sandboxie.ini and ensure it's active in the software compatibility before disabling protection and re-enabling it inside mbae. That's just to get the dll injected. If it can't communicate it won't work. If I recall correctly the dll will un-inject almost immediately if it can't communicate.

    If you are already using the template and are sure it is activated in the software compatibility try running the resource access monitor and shoot me a message with the output and I'll see if something else might need to be added or changed.

    I'm running Windows 7 x64 with Sandboxie 4.15B and MBAE 1.05 and it injects into 32-bit apps without requiring manually disabling/re-enabling protection. If you want to guard 64-bit apps or are running a 32-bit system, the manual process will still need to be used. Why it only works on a 64-bit system for 32-bit apps confuses me, but it's been a while since I heard an update on it. The only guarded app I had that was 64-bit was my browser, but I switched that to a 32-bit version and now don't even have to pay attention anymore.

    When I first made this template I was using Sandboxie 3.76 on a 32-bit system and it worked fine. It's been updated a couple of times to enable the 64-bit scan key and a minor change in one of the paths, but it's held up pretty well for me. I haven't gone back to test it on 3.76 again, but I don't see why it shouldn't still work.

    A thread found on the MBAE forum contains a bit more if you want to read over it:
    https://forums.malwarebytes.org/index.php?/topic/157873-choosing-between-sandboxie-and-mbae/
     
    Last edited: Jan 30, 2015
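    A way to check the injection behaviour syrinx describes (the DLL has to get injected into the sandboxed app and, if it cannot communicate, un-injects almost immediately). This is an added example, not code from the thread, from Malwarebytes or from Sandboxie. It assumes that Sandboxie's own hook library in a sandboxed process is SbieDll.dll and that MBAE's injected module name starts with "mbae" (the $MbaePattern parameter); adjust the pattern if your build names it differently. Run it from a PowerShell whose bitness matches the browser (on 64-bit Windows, C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe for a 32-bit browser), because a process can only enumerate the modules of processes of its own bitness.

```powershell
# Added example (not from the thread, Malwarebytes or Sandboxie): watch a sandboxed
# browser for a while and report whether the MBAE hook DLL gets injected and stays loaded.
param(
    [string]$ProcessName = 'firefox',   # sandboxed browser to inspect, without .exe
    [string]$MbaePattern = 'mbae*',     # ASSUMED name pattern of MBAE's injected DLL
    [int]$Seconds = 30                  # how long to watch for a quick un-inject
)

function Get-InjectionState {
    param([int]$ProcessId, [string]$MbaePattern)
    $p = Get-Process -Id $ProcessId -ErrorAction Stop
    try   { $mods = @($p.Modules | ForEach-Object { $_.ModuleName }) }
    catch { throw "cannot read modules of PID $ProcessId (bitness mismatch or access denied): $($_.Exception.Message)" }
    [pscustomobject]@{
        Pid       = $p.Id
        Sandboxed = ($mods -contains 'SbieDll.dll')                         # Sandboxie's hook DLL (-contains is case-insensitive)
        Mbae      = [bool]($mods | Where-Object { $_ -like $MbaePattern })   # MBAE hook DLL currently loaded?
    }
}

$targets = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if ($targets.Count -eq 0) { Write-Warning "no running process named $ProcessName.exe"; return }

$deadline  = (Get-Date).AddSeconds($Seconds)
$history   = @{}   # PID -> list of "MBAE loaded?" samples, oldest first
$sandboxed = @{}   # PID -> was SbieDll.dll present
while ((Get-Date) -lt $deadline) {
    foreach ($t in $targets) {
        try   { $s = Get-InjectionState -ProcessId $t.Id -MbaePattern $MbaePattern }
        catch { if (-not $history.ContainsKey($t.Id)) { Write-Warning $_ }; continue }   # exited, or wrong bitness
        if (-not $history.ContainsKey($s.Pid)) { $history[$s.Pid] = @(); $sandboxed[$s.Pid] = $s.Sandboxed }
        $history[$s.Pid] += $s.Mbae
    }
    Start-Sleep -Seconds 2
}

foreach ($id in $history.Keys) {
    $samples = $history[$id]
    $verdict = if ($samples -notcontains $true) { 'MBAE never injected' }
               elseif ($samples[-1])            { 'MBAE injected and still loaded' }
               else { 'MBAE injected, then un-injected (as the thread says happens when it cannot communicate)' }
    $box = if ($sandboxed[$id]) { 'sandboxed' } else { 'NOT sandboxed' }
    "PID $id ($box): $verdict, $($samples.Count) samples"
}
```

    Use it right after the disable/re-enable step: if the browser shows as sandboxed but MBAE is "never injected" or "injected, then un-injected", the template or its Software Compatibility entry is the first thing to re-check.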
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Well...I need v4.x.x for W8 64bit
    So, I need the Template #10 and the manual process.
    Thanks for pointing me to MBAE forum....good read. Seems like SBoxie communication is not a priority. My sentiments are expressed here
     
  5. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    To be honest I didn't look beyond the last 2 pages (and I pretty much skimmed them) so I wasn't sure of your OS and stuff. As for the sandboxie communication, that *could* be included in the default templates.ini of sbie but I expect they're waiting for a fully compatible version of mbae before they bother adding it to their lists. The template takes care of the communication between the guarded app if you add it to the templates.ini or sandboxie.ini manually. The problem as it currently exists is with MBAE being, for whatever reason, unable to inject properly into sbie guarded apps except for the 64 OS - 32 app situation (somehow the disabling of shields and re-enabling fixes this). They (Malwarebytes) haven't released anything since the last release build but I'm *hoping* that we will see some progress on this once they release a new beta. My situation worked out perfectly as I can use both together without issue but I will still enjoy seeing the day when I don't have to be concerned if all the apps (x64 included) are getting injected using both programs.

    The template (#10) you linked to is a tad outdated, the one quoted above or the one found (same thing) on the second page of the MBAE thread is the correct one. Minor changes for the last revision of mbae.
     
    Last edited: Jan 30, 2015
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I am on Windows XP Pro Service Pack 3 32-bit, also it doesn't work for me either on Windows 8.1 32-bit.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    So, this is the proper Template #1603 to be used with the manual procedure. And CoolWebSearch reports #1606 No Worky.
    ~ Vista 32 and W8.1 64. Seems my priority for SBoxie is not shared by MBAE.
    Thanks for your info and interest
     
  8. Pedro,

    I was playing with Applocker, noticed that installer extracts and executes tmp binaries. Why not use "ordinary" executables (system admin only needs to create allow rule for MBAE as trusted publisher)?

    Regards Kees
     
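    A way to check the point Kees raises about AppLocker and the installer's temporary binaries. This is an added example, not code from the thread or from Malwarebytes; the installer path is a placeholder, and the list of files the installer extracts has to be collected separately (for instance with Process Monitor while it runs) and passed in as $DroppedFiles.

```powershell
# Added example (not from the thread or Malwarebytes): build a publisher rule from the
# signed installer and test which of the binaries it drops would actually be covered.
param(
    [string]$Installer      = 'C:\Temp\mbae-setup.exe',   # PLACEHOLDER path, not a file name from the thread
    [string[]]$DroppedFiles = @()                          # .exe files the installer extracted to %TEMP%
)

# 1. A publisher rule can only be derived from a validly Authenticode-signed file.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "$Installer is not validly signed (status: $($sig.Status)); no publisher rule is possible"
}
"Installer signed by: $($sig.SignerCertificate.Subject)"

# 2. Draft an allow rule for that signer (any product, binary and version from the same publisher).
$policyXml  = Get-AppLockerFileInformation -Path $Installer |
              New-AppLockerPolicy -RuleType Publisher -User Everyone -Xml
$policyPath = Join-Path $env:TEMP 'mbae-publisher-rule.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8
"Draft policy written to $policyPath (review it, then merge with Set-AppLockerPolicy -Merge)"

# 3. Test the dropped binaries against that one rule. Files that come back as not Allowed
#    (unsigned, or signed by someone else) are exactly the temp binaries an admin would
#    otherwise have to allow by path or hash. Only file types the policy defines a rule
#    collection for are evaluated; with a single .exe-derived rule, pass .exe paths.
if ($DroppedFiles.Count -gt 0) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $DroppedFiles -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}
```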
  9. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    As there seems to be some repeated confusion or lack of communication on my part on how to get SBIE and MBAE to work together, I decided to help make things a bit easier. I've uploaded a zip file which contains .doc and .html versions of a guide with pictures that I threw together. Hopefully it will make things easier to understand. It does not contain any of the required files, programs, etc. It is just a how-to with pics.

    http://www.mediafire.com/download/k91ch3xevcd8jn5/SBIE_MBAE.zip
    mirrored here:
    http://www39.zippyshare.com/v/Q4Erwl0N/file.html

    Edit: Seems the html version isn't formatted very well. Sorry about that!
     
    Last edited: Feb 1, 2015
  10. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Hello syrinx:

    Unfortunately the above zip file is accompanied by adware that will be flagged by some of our protections.

    If forum policy allows, perhaps you could simply upload the essential file(s), in a zip, here.

    "Hell is full of good intentions and desires" (L'enfer est plein de bonnes volontés et désirs)

    Cheers.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,813
    Location:
    .
    Excuse me? What adware? I just downloaded and it's clean...
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,813
    Location:
    .
    Anyone knows how to backup settings? I don't want to lose all the Shields already added. Thanks. In case of a System Restore or re-format/install.
     
  13. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Yeah, I'm not sure what to tell you; there is only a .doc file, the .doc saved as .html and .jpgs inside the zip. No executables... so adware? Umm... ok.


    I'll upload to a mirror in case it was mediafire sneaking in a bad 'download' link, but I didn't see any when I checked just now; maybe my ad blocker removed it. I was going to upload it as an attachment here originally, but with all the pics it is much too large!

    Here we go: http://www39.zippyshare.com/v/Q4Erwl0N/file.html
     
    Last edited: Feb 1, 2015
  14. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Hello Mister X:

    Avira Free Antivirus 14.0.7.468:
    Because I have all protections on this system set to "Shoot first - ask questions later" of course it could be a FP. Yet that's how I like to maintain this system.

    Cheers
     
    Last edited: Feb 1, 2015
  15. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,938
    Location:
    North of the 38th parallel.
    Avira believes your second source is clean. :thumb:

    Excellent! You did good and thank you for your extra effort.
     
  16. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I could be mistaken but I believe these can be found in "C:\ProgramData\Malwarebytes Anti-Exploit\" as applications.dat

    Haven't tested but seems to be what you're looking for. (I hope)

    Edit: Checked with a hex editor; mbae-protector.xpe looks like it could hold some of the custom shields as well, but it could just be what was currently guarded, as my browser and a few others are active on my machine atm and appear in both files.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's just a different driver and hooking architecture. Each one has its pros and cons.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,813
    Location:
    .
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes it is correct. Keep a copy of your .DAT files to backup any settings you might have. But with 1.06 we've added a feature that will keep the custom shields even if the upgrade changes the DAT format.
     
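    One way to do the backup syrinx and pbust describe (keep copies of the .DAT files under the MBAE ProgramData folder), as an added example that is not code from the thread or from Malwarebytes. It assumes the directory named above; since the thread only confirms applications.dat by name, every *.dat file there is taken, and a SHA-256 manifest is kept so a later restore can be verified. Get-FileHash needs PowerShell 4 or newer; copying into ProgramData needs an elevated prompt.

```powershell
# Added example (not from the thread or Malwarebytes): back up, verify and restore the
# MBAE .dat settings files with a SHA-256 manifest.
param(
    [ValidateSet('Backup','Verify','Restore')][string]$Mode = 'Backup',
    [string]$Source  = 'C:\ProgramData\Malwarebytes Anti-Exploit',   # path named in the thread
    [string]$Dest    = "$env:USERPROFILE\mbae-backup",
    [string[]]$Include = @('*.dat')                                   # ASSUMED: all .dat files hold settings
)

function Get-DatManifest {
    param([string]$Dir, [string[]]$Include)
    Get-ChildItem -Path (Join-Path $Dir '*') -Include $Include -File | ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            Size   = $_.Length
            Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

$manifestPath = Join-Path $Dest 'manifest.csv'
switch ($Mode) {
    'Backup' {
        New-Item -ItemType Directory -Path $Dest -Force | Out-Null
        $m = @(Get-DatManifest -Dir $Source -Include $Include)
        foreach ($f in $m) { Copy-Item -Path (Join-Path $Source $f.Name) -Destination $Dest -Force }
        $m | Export-Csv -Path $manifestPath -NoTypeInformation
        "backed up $($m.Count) file(s) to $Dest"
    }
    'Verify' {
        # Confirms the copies in $Dest still match what was backed up (detects truncated or altered copies).
        $expected = Import-Csv -Path $manifestPath
        $actual   = @(Get-DatManifest -Dir $Dest -Include $Include)
        foreach ($e in $expected) {
            $a = $actual | Where-Object { $_.Name -eq $e.Name }
            if (-not $a)                     { "MISSING : $($e.Name)" }
            elseif ($a.Sha256 -ne $e.Sha256) { "MISMATCH: $($e.Name)" }
            else                             { "ok      : $($e.Name)" }
        }
    }
    'Restore' {
        # Stop MBAE's protection from its own UI first, or the running program may rewrite
        # the files; the hash check afterwards tells you if that happened.
        $manifest = Import-Csv -Path $manifestPath
        foreach ($e in $manifest) {
            $target = Join-Path $Source $e.Name
            Copy-Item -Path (Join-Path $Dest $e.Name) -Destination $target -Force
            $h = (Get-FileHash -Path $target -Algorithm SHA256).Hash
            if ($h -ne $e.Sha256) { Write-Warning "$($e.Name) differs after restore (overwritten by MBAE?)" }
            else                  { "restored: $($e.Name)" }
        }
    }
}
```

    Run it with -Mode Backup before a reinstall or System Restore, and with -Mode Verify on the copies before trusting them for a Restore.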
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,813
    Location:
    .
    Fine, thank you.
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Are we going to have new experimental build soon?
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    In a few weeks we should.
     
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks, Pedro! :)
     