Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    Asking for the next beta on the same day when MBAE 1.05 final is available?

    Obviously you love also the [free meal] beta/experimental builds.......

    &
    Yes, Experimental/Beta versions are fully unlocked.
     
  2. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    I intend to purchase it but want to try it a bit longer. I've paid for AppGuard, WinPatrol, Sandboxie and in the past Kaspersky Security Suite so I'm not averse to paying for good security software. I'm currently evaluating Faronics Deep Freeze for purchase also.
     
  3. Again, impressive performance improvement with 1.05 release, well done :thumb:
     
  4. topguynow

    topguynow Registered Member

    Joined:
    Feb 17, 2010
    Posts:
    61
    When can we expect a version to be fully compatible with Sandboxie? Meaning no tweaking involved to create that compatibility...Thanks
     
  5. As far as I understand, with the tweaking you tell Sandboxie to allow MBAE its protections. It's like love and marriage, you can't have one without the other (according to Al Bundy)
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I've been using 1.05 since the experimental versions, and they always worked really nicely...

    No issues with my setup and it is very light!
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    It looks like a reported incompatibility with HMP.A 2.6.5 has been resolved with MBAE 1.05.

    Installed the free version on two W7 x64 machines and everything is running well.

    Cheers.
     
  8. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I expect once the DLL injection is completed, e.g. 100% reliable on all OSes ~ 32/64 bit DLLs ~ Sandboxie will include an entry in the default template.ini, making the transition nearly seamless. Aside from that, I urge you to inspect the template.ini in the Sandboxie install folder to see how much 'tweaking' is needed for software compatibility and the plethora of other products. It may seem seamless to you but it is in fact not.
     
  9. 142395

    142395 Guest

    I added many applications to shield, and after the update to 1.05 all of them disappeared, so I had to re-add them one by one.
    Also, when I was doing that, after adding many programs, the GUI began not to reflect added programs.
    However, it correctly showed those added programs after reboot.
    I had the same experience before: the GUI in the shield window didn't reflect changes, but it seems internally they are correctly processed.
     
  10. wojtek

    wojtek Registered Member

    Joined:
    Jan 5, 2014
    Posts:
    33
  11. 142395

    142395 Guest

  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    There's an issue which we're currently fixing that happens when adding many custom shields. We'll limit this to 100 custom shields in an upcoming build next week.
     
  13. 142395

    142395 Guest

    Good to know you're fixing it, but the number of my added programs is far below 100.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sorry I wasn't clear earlier. The fix will limit to 100. Currently there is no limit on how many you can add in the GUI but the bug appears well below 100.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Is there a website that we can use to test Malwarebytes Anti-Exploit?
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
  18. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
  19. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    It is nicer looking. I have had no problems at all. Great job. win.7 64. sandboxie. mbea. shadowdefender.
     
  20. 142395

    142395 Guest

    Though there are many blacklist sites, I don't know if it is allowed to put those links here.
    I would rather recommend using Fiddler. First, set up a vulnerable system including old Java, Flash, Silverlight, as well as a vulnerable IE (remove patches or use an old Windows image). If you also want to test docs, then old Adobe Reader and Office too. Note that programs that are too old won't be good, as many exploit kits don't target them (they are case sensitive).
    Then install Fiddler, and go to http://malware-traffic-analysis.net/ and http://malware.dontneedcoffee.com/
    The former site provides exploit packet captures on an almost daily basis, while the latter sometimes provides archives of exploit packets.
    Make sure to clear the browser's cache before testing. I recommend always using private mode (for IE, add -private to the shortcut) during the test.
    Sorry, I don't have Fiddler on my system now so I'm just speaking from memory, but open Fiddler and from "File" you can import those files; if it is a pcap choose "Packet Capture", and if an archive then something like that.
    Then the traffic will appear in the left pane, so drag & drop each of them [it seems you can "select all" via mouse or via Ctrl+A, I didn't know that.] to the right pane under the "AutoResponder" tab. After that, check "Enable automatic responses" & "Unmatched requests passthrough" and launch the browser.
    Of course, do all of this at your own risk.

    [EDIT: I think if you also want to test drive-by download, you have to further edit right pane rules for malware download request to point to local malware file you previously put.]
     
    Last edited by a moderator: Dec 5, 2014
  21. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    Oops, I think I just ran into some odd issue now. Of all times, haha. Running version 1.05.1.1014 of MBAE Premium and Chrome version 39.0.2171.71. I have the Adblock, Pushbullet, WOT, and Google Docs extensions added. Apparently whenever I start Chrome, MBAE stops it and reports "An exploit code has been blocked in Google Chrome (and plug-ins)." This was not the case with the previous version of MBAE. I tried disabling all extensions to see if it's an extension issue, but nope. Anyway, I have attached the rest of the logs and stuff in ProgramData to a PM and sent it to you. Is there anything else you might need? In the meantime, I have simply deactivated it for Chrome, since it's still working fine so far with all my other browsers. Thanks!
     
  22. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the logs. Reviewing and will respond to your PM asap.
     
  23. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Was trying to download Google Chrome. And it seems there was an exploit code on it.

    1. I searched for "google chrome" on Google.
    2. I tried clicking on the "Chrome - Google" link but the page was blank. I thought the problem was my browser and/or addons, but the page was still blank.
    3. I tried clicking on the link below that says "Chrome Browser" and was able to access a page where I could download it.
    4. Installed it and tried to run it. However, when I did, Malwarebytes Anti-Exploit prompted "Exploit attempt blocked!"
    The log reads "An exploit code has been blocked in Google Chrome (and plug-ins)."

    Was this an actual exploit or a simple error?
     
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @Azure, can you please PM me your MBAE user data directory (C:\ProgramData\Malwarebytes Anti-Exploit) in a ZIP or other compressed archive format?
     
  25. Enternal

    Enternal Registered Member

    Joined:
    Apr 21, 2009
    Posts:
    47
    Thank you very much! It now works perfectly! Awesome job as always!
     