Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I installed build 1.06.1.1018 as a new install as soon as it was posted. I have not run into any issues yet. I'm using Windows 7 x64 Ultimate.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think the free version only protects your web browser, Java, and your browser plugins.
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Running new premium version.
    1. Initializing browser protection no longer appears under logs tab.
    2. After bringing up IE 11 and Chrome, shielded applications shows: 1.
     
    Last edited: Mar 31, 2015
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Not always. Sometimes we can trace it back to the loaded module, but that's not always the case. If you have a particular case you can send us your log files and we can analyze them a bit more in-depth.

    This is as expected. Entries in the Logs tab have been replaced with the traybar balloon notifications, which can be turned off from the Settings tab. There was some feedback that after running MBAE for weeks/months the Logs tab became unusable with hundreds or thousands of similar entries. Looking for an exploit attempt became a problem in such cases.
    Does it still happen if you stop the service, start the service and manually execute mbae.exe? If so can you please send me your MBAE logs?
     
  5. Great job, some requests:

    a) Profile for mail programs (cross over of browser/office programs, maybe media player), I initially used other and added heap spray protection, but decided to use office and add anti heapspray to office. Other seems to be the profile with least restrictions, so not suited for mail.

    b) Update now option

    c) Lock MBAE with password protection (settings and/or switching off)

    Are the above requests candidates for future versions?
     
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    Compare MBAE Free & Premium:
    http://www.malwarebytes.org/antiexploit/
    --------------
     
  7. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-46#post-2425182
    https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-46#post-2425184
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, this is something I've been thinking about for some time. Hasn't been terribly important as mail readers are not typically targeted by exploits, but that could easily change in the future. We've been trying to stay away from it since it will require quite a bit of testing and we've had other higher-priority things on our plates. But it's something that's definitely on our minds.

    We added a setting for automatic upgrades which can be turned off. Regardless of this setting, MBAE checks for new versions at startup and every few hours, so there is really no need for an "update now" button.

    We rely on the OS architecture for this. Admin users can tweak MBAE settings but LUA cannot. This includes actions like start/stop protection, add/remove shields and exclusions, clear logs, change settings, etc. In "MBAE for Business" there's a couple of additional controls for removing MBAE from endpoint admin users in corporate environments such as hiding the GUI and alerts.
    In essence, and this applies to everything, not just MBAE, if you don't want a user to be able to stop/uninstall software, simply remove him/her from the Admin group. Yes I am aware some security software implements password protection to prevent uninstallation, etc. but if the user has admin access, s/he can do anything on the system, regardless of the password protection.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Since I was running the last experimental beta, I followed the instructions to uninstall and then install the release version build 1018.

    However, the uninstall did not remove the contents of C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit...I had to delete this folder after the reboot.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, correct. That's normal behavior. We don't delete the MBAE logs directory with the uninstaller as it might have important information about a Support issue when a customer contacts us.
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    OK...understood. :thumb:
     
  12. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    ?? =
    Windows XP/2000: C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
    Windows 7/Vista/8 : C:\ProgramData\Malwarebytes Anti-Exploit
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sorry you are of course correct.
    It is C:\ProgramData for Vista and higher and C:\Documents and Settings\All Users\Application Data for XP.
     
  14. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    I like the new version in regard to no longer logging the apps that are/were protected, and giving the tray notification instead, leaving the logs for more important info... Nice clean touch.
     
  15. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Just got back to my post. I'll give it a whirl tomorrow and thank you for the reply!
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  17. True, but when you look for them MBAE stops them :thumb: (setting other with anti-heap spray enabled).


     
  18. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    @ZeroVulnLabs ,

    Can you add Vivaldi browser (Chromium based) to the list, in a future version?

    Thanks
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Do you have any more information on the exploit?
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes we might add that one as well in the future.
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @ZeroVulnLabs

    The Export/Import settings feature is still missing in this last release. Hopefully you could add it in the future.
     
  22. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Is there a test program available to generate an exploit message?
    Thanks.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ ZeroVulnLabs

    I installed the latest version, and I think I misunderstood, in the Free version you can also configure the new advanced settings. But can you please give an option to remember column-size, in the logs and exclusions tabs for example?
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA