Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the clarification @TomAZ. I've updated our FAQ to reflect this information.
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    When I originally tested 3.76 it worked quite well without issue on both the 32 and 64 bit (w experimental protection) versions. It's only the newer 4.x SBIE versions that display the 64 to 32 bit (without manual effort) uniqueness that has been discussed before when combined w MBAE. If it's at all like a recent experience I had tracking down a global policy issue w SBIE 4.x that didn't exist in 3.76, though, it's likely something small and silly but hard to track down.
     
  3. 142395

    142395 Guest

    Your post #1761 can be interpreted as if MBAE injects shellcode into memory. Ofc it's not.
    I don't know much about Comodo's memory protection, but maybe the conflicts come from both of them trying to perform partially similar operations, or Comodo prevents MBAE's DLL from being injected into programs.
    As regenpijp wonderfully illustrated, during the exploit process shellcode has to be put in a memory space which is usually by default un-executable (DEP), but the attacker finally makes it executable (by e.g. VirtualProtect) and runs it. So shellcode can be said to be part of the exploit.
    Also, the attacker has to know the memory address of the shellcode (ASLR); this is why they spray the heap.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    IIRC at the end of the trial there's a prompt to either revert back to Free or upgrade to Premium. You have to choose one of those options for it to completely revert to Free in the titlebar. To see the prompt again, when you boot the computer you should get a traybar balloon notification about the Trial being finished. Click on that notification to get the end-of-trial prompt.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  7. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    78
    Hi, I have read in posts in the malwarebytes forum that running hitman pro alert and malwarebytes anti exploit side by side is okay and that there is no conflict. I have used hitman pro alert v2.6 for a month or so and just added malwarebytes anti exploit in the last couple of days; and now when I open a browser hitman pro sits at 12.5% in the cpu and the browser won't open - so I terminate it with process hacker (with admin rights) and it closes for a second and then reopens (which is good, because I guess it has self protection) - and in the time hitman pro alert closes and restarts, the browser opens and the excessive cpu use of hitman pro alert stops. I don't want to terminate hitman pro alert every time and have it restart just to open a browser - but I'd like to keep using it. I know this is the malwarebytes anti executable thread, but should I use hitman pro alert or malwarebytes anti exploit, or if possible both, or are they really needed at all? I think for now I have to uninstall hitman pro alert (and keep malwarebytes anti exploit). All replies appreciated. Thanks. This is also posted in the hitmanpro alert thread.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hitmanpro.Alert 2.x does not include anti-exploit mitigations, but it does have other nice things. Alert3 is the product that has exploit mitigations. If what you're concerned with is exploit mitigations, you can choose either MBAE or Alert3. There's no real added benefit from the perspective of exploit mitigation of running both together.
     
  9. guest

    guest Guest

    +1
     
  10. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    78
    Thank you for posting - what "nice things" does hitman pro alert 2.x have?

    (Although I think I am going to use malwarebytes anti exploit.)
     
  11. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Mainly, it alerts of malicious browser injections that aim to steal your data and prevents cryptolocker attacks.
     
  12. 142395

    142395 Guest

    Note that when they release the official HMPA v3, CryptoGuard will be a paid-only feature, but instead you can get other added functions such as BadUSB protection, application lockdown, network lockdown, and process protection which prevents process hollowing.
     
  13. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    CFG in MBAE??
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    No, I do not see it in the shields and don't know how to add it. Quitezone has their official forum here. Returnil, I believe.
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  16. guest

    guest Guest

  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    An over the top install of v1.06.1.1010 gives the warning...

    ---------------------------
    Warning
    ---------------------------
    Malwarebytes Anti-Exploit is running in a low-priviledged account.
    The protection features will remain enabled and active but the user interface will not be available.
    ---------------------------
    OK
    ---------------------------
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    This should only show if logged in as a Guest user account. Are you under a Guest account or regular non-admin user account?

    Also please send me via PM a ZIP of your C:\ProgramData\Malwarebytes Anti-Exploit directory.

    Thanks!
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    No. Will do. But, I am running XP...?
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Not sure what you require...

    ScreenShot_MBAE_v1.06.1.1010RC_06.gif
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Back after a reboot, and the tray icon has returned. Opened Opera browser, but nothing shows under the 'Log' tab...

    Otherwise, everything else seems to be working...

    ScreenShot_MBAE_v1.06.1.1010RC_10.gif
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I like the new tool tips from the tray icon informing the user which applications are being protected by MBAE as they launch them. I also like the option in the advanced settings which allows the user to tweak which mitigation methods they use per application.
     
    Last edited: Mar 16, 2015
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Are all the mitigation methods used by MBAE listed in the advanced settings?
     