Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    And more components/surface area to exploit.
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
  3. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    If you can provide information about an actual In-the-wild exploit or information regarding a researcher performing a remote exploitation demo on a supported OS (like Vista, 7 or 8.1), then I will happily change my opinion. :)
     
  4. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    You misinterpret my post :argh:

    I have the same opinion as you, that someone doesn't need to sandbox games. My point is that some security solutions overlap and sometimes it is better to keep it simple, so there is less surface area and fewer components to exploit.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    But what if that surface area is composed of security programs (just in my case)? There would be more components to exploit, then it is harder for an attacker to succeed, no? I'm not trolling, just new to computer security.
     
  6. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Welcome to the world of DEP and ASLR
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    You're right, tested on Win7 SP1 x86 and no problems so far.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Can you please send me a ZIP file of your MBAE user data directory (C:\ProgramData\Malwarebytes Anti-Exploit)?
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    How do I find out the expiration date of my MBAE-Premium license?
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It should be in the confirmation email from Cleverbridge.

    If you received a license key from me directly for helping us beta test, send me the key via PM and I'll look it up.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I sent you a PM.
    ~~~~~~~~~~~~~~~

    P.S. I wonder why this forum calls a PM a "conversation"? By definition, a conversation is by voice.
     
  12. haakon

    haakon Guest

    [offtopic]Conversation is also "a common law action brought by a husband by which he claimed damages against an adulterer" (source: common) which is the best way of putting it without violating forum policy. :isay: For further research:
    https://en.wiktionary.org/wiki/
    http://www.etymonline.com/
    Speech is not necessarily a necessity in conversing...[/offtopic]

    BTW, I know when my key expires by way of the Cleverbridge invoice date and I have that entered in Lightning to remind me next year. But there is no way to determine that from the UI. Not a deal breaker, but unusual. Every piece of software I own has an activation date or expiration date or # days left.
     
    Last edited by a moderator: Jun 16, 2015
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I've mentioned to bellgamin via PM, but with 1.07 we're introducing some management of expired & fraudulent keys. Enforcement will be gradually deployed over time.
     
  14. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    My current license is over a year old. I have another license that I did not use. Can I apply this other license now, and if so, how? There is nothing in my current MBAE Premium that says anything about renewing or applying another license.
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Did you get a license from me as a beta tester? If so PM me the license and I can look it up. The beta tester licenses that I gave out are slightly different.
     
  16. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    P.M. sent.
     
  17. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    @pbust...

    If you have the Notification balloon option checked, is there any way to limit the time the balloon is displayed? Unless mine isn't working properly, it seems like it's there forever. Five seconds or so would probably be more than adequate. Thanks.
     
  18. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,939
    Location:
    North of the 38th parallel.
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Trialing free version 1.06.1.1019 on XP-pro-SP3.
    According to
    https://forums.malwarebytes.org/ind...how-to-verify-that-mbae-is-working-correctly/
    I'm supposed to see mbae.dll in ProcessExplorer Find...
    I see it in System, SeaMonkey and Opera.
    I do not see it on Word and Excel from Office2003, nor on VLC, yet all those are listed on the Shields tab.
    The Log tab is empty. So is it half-working on XP? I'm flummoxed.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    MBAE is injecting into VLC player on my Windows 7 x64 setup. I don't know about Office 2003; I have Office 2010. Maybe it's a bug only affecting XP users.
     
  21. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Do you have the free or premium version? The free version only protects browsers + addons and Java; you need premium to protect VLC and Office software.

    Try the test file and see if it is working.

    PS: Log tab "empty" is by design now; when it blocks an exploit (like the test) it will write normally.
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Is the lock icon on the Shields tab open or closed?
     
  23. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I did write in my first post (#2144) that I'm using free. Now I understand that the shield list is for both free and paid versions.
    Yes, I did run the test and it got logged.
    When MBAE is enabled, it catches attempted start of calc.exe, so it's working fine.
    When MBAE is disabled, SSM (System Safety Monitor) catches it.
    SSM-caughtIt.jpg

    @ZeroVulnLabs,
    Thanks for pitching in. Shield is ok. It looks like I understand better now. MBAE looks great here.
    Are Office2003 applications protected on XP in the paid version?
    Is Outlook included? I don't see it in the list.
     
    Last edited: Jun 18, 2015
  24. haakon

    haakon Guest

    When you search for mbae.dll in Process Explorer "Find Handle or dll..." the application(s) need to be running.

    You won't see
    whatever.exe 6260 DLL C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
    unless whatever is running.

    Obvious, yes. Or maybe not. You made no mention of what was or was not actually running.

    FYI: logs work in v1.07, currently beta.
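
The Process Explorer check discussed in the posts above can also be scripted. This is an added example, not part of the thread or of MBAE itself; the process names in `$targets` are assumptions for illustration and should be matched to the applications on your own Shields tab.

```powershell
# Added example: report whether mbae.dll is loaded in each target process.
# Process names are assumptions for illustration; adjust to your Shields tab.
$targets = 'seamonkey', 'opera', 'winword', 'excel', 'vlc'
$dllName = 'mbae.dll'

# Build one result row (New-Object keeps this usable on older PowerShell).
function New-Result($name, $id, $status, $path) {
    New-Object PSObject -Property @{
        Process = $name; Id = $id; Status = $status; Path = $path
    }
}

$results = foreach ($name in $targets) {
    $procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        # The DLL can only be found in a process that is actually running.
        New-Result $name $null 'not running' $null
        continue
    }
    foreach ($p in $procs) {
        # Reading the module list can fail (for example, insufficient rights),
        # so treat an exception or an empty list as "unreadable", not "absent".
        $modules = $null
        try { $modules = @($p.Modules) } catch { $modules = $null }
        if (-not $modules) {
            New-Result $name $p.Id 'module list unreadable' $null
            continue
        }
        $hit = $modules |
            Where-Object { $_.ModuleName -ieq $dllName } |
            Select-Object -First 1
        if ($hit) {
            New-Result $name $p.Id 'loaded' $hit.FileName
        } else {
            New-Result $name $p.Id 'NOT loaded' $null
        }
    }
}

$results | Select-Object Process, Id, Status, Path | Format-Table -AutoSize
```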
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Of course! They were running. Just Excel example:
    Excel-inPE.jpg
     
    Last edited: Jun 18, 2015