Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    For LibreOffice you only need one custom shield, add "soffice.bin". That will shield all for LibreOffice.
    HTH...
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Is it advisable to shield MS Silverlight, and if so, how?
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    For LibreOffice all you need to add is 1 custom shield for "soffice.bin". This will give coverage of all LibreOffice apps.

    Edit: oops just saw puff answered the question.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It is automatically shielded, no need to add a custom shield.
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
    Thank you. :thumb:
    -------
    @ Pedro,
    Will you add support (auto shield) for LO?
     
    Last edited: Sep 26, 2014
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Okay, thanks Pedro.
     
  7. Questions

    1) Does MBAE protect flash player, even when IE protection is deactivated?

    2) I have added WWAHost.exe (browser) and Powershell.exe (other), seems to work without problems on Win 8.1. See explanation of WWAHost, any reason to omit this in the default list?

     
    Last edited by a moderator: Sep 27, 2014
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    If IE shield is deactivated in MBAE, MBAE will still protect Flash under other browsers (Firefox, Chrome, etc.) but not Flash under IE.

    The IE-based Metro apps run differently than the regular IE. The criteria for adding new apps to the default shield list are that the app is (1) widely distributed and (2) subject to exploits. Clearly in this case it fits the first criterion but not the second. If we see that second criterion change due to new research, PoC, etc. in the future, we will add it to the default shield. In the meantime, as other users have reported, you can create a custom shield for WWAHost.
     
  9. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    When will it be fixed? :) Does Malwarebytes Anti-Exploit protect the plugin-container.exe of Firefox too?
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    This thing looks like it's pretty much ready for me to add it to my arsenal, and I'm eager to do so... if only something could be done about this Sandboxie incompatibility.

    A real crying shame that is... because SBIE is such a beloved product. If something isn't done about this it will lose you out on a large chunk of a potential customer base. This should be priority #1 right now.
     
  11. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I have been running both (SB and MAE) with no problems. I am using the latest SB 4.13.5
     
  12. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    It's not that you cannot have both on your system but sandboxed apps won't be protected by MBAE.
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Zactly... which pretty much defeats the purpose. I should have been more specific.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Depends on how you're using SBIE, I am using it on demand for example (not for browser protection), so I do not mind that MBAE can not protect processes inside the sandbox. Also, while SBIE can not stop exploits, it will at least be able to contain them. But it would be indeed nice if they could work together. :)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Yes I can understand this, but the reason I asked was because I'm a bit surprised by their approach. From what I've read they do not try to stop memory overflow (corruption), but instead they came up with something else. It does make me wonder if this "stateful application control" approach can be applied to any app on the fly; I highly doubt that this is the case. :)

    This is from the PDF file:

    "To prevent endpoint compromise, Trusteer Apex restricts ‘sensitive’ application operations: Trusteer Apex monitors the application state at the time the application executes sensitive operations, for example writing a file to the file system. Trusteer Apex uses a whitelist of legitimate application states to verify that the sensitive operation is executed under a known, legitimate state. An exploit will attempt to execute sensitive operations under an unknown (not whitelisted) state, thus it will be stopped. This unique approach allows Trusteer Apex to accurately detect and block both known and zero-day exploits, without knowing anything about the threat or the exploited vulnerability."
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It is fixed already in MBAE 1.05. We'll release it soon as an Experimental version.

    Someone recently posted about a compatibility template for Sandboxie 3.x with MBAE. Of course unfortunately not 4.x:
    https://forums.malwarebytes.org/ind...choosing-between-sandboxie-and-mbae/?p=884176
     
  17. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    I had some troubles with a previous version of MBAE, 1.0.0.10 if I remember well. Some conflict with Firefox. I noticed when checking about:crashes that the module mbae.dll was causing this conflict with Firefox. I've not yet installed the latest version, hope this can't occur with the latest release.
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    MBAE Beta 0.10 expires today Oct 1, 2014. It is strongly recommended to uninstall and install the non-beta version from malwarebytes.org. Once you are on a non-beta version MBAE will auto-upgrade itself to newer versions as they become available.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Is Malwarebytes Anti-Exploit a free program?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    No it isn't.
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There's MBAE Free which protects browsers, browser add-ons and Java in real-time.

    Then there's MBAE Premium which adds protection for MS Office, PDF Readers, media players and custom shields.

    Both Free and Premium have automatic upgrades to new versions.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Can you turn this off? I hate it when apps auto-update. ;)
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It prompts you first. You can cancel it.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you
     