Malwarebytes Anti-Exploit

Updated the template but still no luck with palemoon and cyberfox 64 bit

 

I just installed and tested. For some reason I am seeing similar results. 32 bit palemoon works with exp build and sandboxie 4.14....but the x64 version of palemoon isn't getting it injected. I even tried notepad (64) in sandboxie and guarded with mbae~no luck. A great step in the right direction for sure but not quite there just yet. /cry

Tested on Windows 7 x64 VM and checked with Sandboxies Resource Access Monitor and Procexp

 

Are you able to get other 32bit browsers working within sandboxie 4.x (IE, Firefox, Chrome)?

 

For me both Firefox and IE worked with SBIE 4.14.... not using chrome now.

 

@ ZeroVulnLabs

I noticed that it's the first time you mentioned some techniques that are being used by MBAE, so will you perhaps release a more complete list of all mitigations used? Of course without any details, so that hackers will not become any wiser. Sort of like EMET has done but without the implementation details.

 

I can confirm 32 bit chrome (an older version I had on drive) IE & firefox were injected fine. In fact I have seen no issues with any 32 bit apps yet, just 64 bit ones.

 

Are there any known compatible issues with MBAE with NOD 32 8? Eset said they made enhancements to their exploit blocker so i'm wondering if there still compatible. So far it seems MBAE is the best option for me since I have to disable too many mitigation methods with EMET for it to be compatible with the applications it is meant to protect, and HMPA interferes with my privacy VPN service.

 

I'm using MBAE and Eset v8... so far no problem even with MBAE v1.04... never encountered a problem...

 

Ok, thank You. I'm using Windows 7X64 Ultimate. I'm going to make a backup of my machine, and then install the free version. I will report back if I encounter any problems.

 

MBAE 1.05.3.1010 running with NOD32 8.0.304.1 on Win7 Ult. (64) on a laptop without issues so far.

 

Added HMPA 3.0.15 (build 92 CTP4)

 

Yes I use Win 7 x64 aswell

 

We haven't tested this yet, but MBAE 1.05 might also solve the compatibility problems with Hitmanpro.Alert3.

 

Have it running alongside HMP.A 3.0.15 bld 92 CTP4 on Windows 7 Pro x64 with no apparent conflicts so far.
All we need now is compatibility with Sandboxie and there will be several happy bunnies on Wilders

 

Follow up:
Just tried running the mbae-test and it only works if HMP.A is disabled. With HMP.A running the calculator shows.
See attached picture showing HMP.A protecting the test file. I assume that mbae doesn't actually see the test file to block it ?

 

@ ZeroVulnLabs

I have a question about this:

--------------------------
"As an example of Layer3, we've added a mitigation for the much talked-about recent PowerPoint zero-day vulnerabilities CVE-2014-4114 and CVE-2014-6352. After some testing we saw that the mitigation suggested by Microsoft for EMET could cause system instabilities and conflicts with third-party applications. We have therefore designed a much more stable mitigation for these type of vulnerabilities."
--------------------------

What exactly do you mean with this, was this type of "zero day" able to bypass layer 1 and 2 protection offered by MBAE?

 

It seems that some here have already made MBAE 1.05 work within Sandboxie for 32bit applications. Check posts on page 46 for details. As for the mbae-test utility, it does get blocked here with MBAE only. Not sure why it would run the calc with HMPA running.

The two PowerPoint zero-days bypassed all, EMET, MBAE and HMPA included, because it was not really an exploit in the strict sense of the word. Rather it is an "application design abuse exploit" and there are no memory corruptions, etc. involved, so no memory mitigations can detect or block it. This is the perfect example of why having an "application behavior" Layer3 protection is useful to block these types of non-memory exploits, sandbox escapes and memory mitigation bypasses.

 

Approximately, when is 1.05 scheduled for release?

 

Depends on feedback with Experimental and QA testing, probably no less than 2-3 weeks.

 

Is MBAE fully compatible with Trend Micro Internet Security, or does any functionality clash/overlap? This is a Windows 8.1 Lenovo laptop, fully patched and running the Trend Micro suite in 'Hypersensitive' mode with all shields activated. A lot of banking and other important personal work related activities are done on this laptop.

MBAE will make for a great addon to the security arsenal, yes? I don't plan on adding anything else, just TMIS and MBAE.

 

There's no conflicts as far as we know. In fact I think MBAE makes a very good complement of TMIS.

 

OK thanks I understand it better now, I will do some reading.

 

Currently running well with appguard and EIS.
@ZeroVulnLabs

Does this mean it is already inside/ included in 1.05.3.1010 ?

thanks,
feandur

 

Yes, it is included in 1.05.

 

Yeah !
thanks ZeroVulnLabs


feandur