Malwarebytes Anti-Exploit

As the blog post says, the exploit is very unstable and unreliable. So far we've only gotten it to crash. We'll be testing more platforms.

 

Thank you.

 

with the beta version of kapserksy 2016
can't run firefox

Error : Couldn't load XPCOM

 

Can anybody else replicate this? Under what OS?

 

Win7 x64

 

I had a lot of problems using MBAE with chrome 32. I just went to chrome 64 and activated the chrome shield that i deactivated because of many problems with chrome 32. So far all the problems are gone that i had with chrome 32. Will see if it stays that way.

 

We've fixed one bug that was apparent with Chrome. Instead of waiting for 1.08 we'll release a new version of 1.07 this week. The auto-upgrade has been delayed until this new 1.07 version is ready.

 

Would MBAE have been able to mitigate against MS15-078?

 

Yes, most likely with Layer3 mitigations as it is a kernel exploit.

 

Malwarebytes Anti-Exploit v1.07.1.1011
http://downloads.malwarebytes.org/file/mbae

----------------------------------

@ ZeroVulnLabs,
I take it that MBAE it's already compatible with Windows 10 & Edge browser.

 

MBAE v1.07.1.1014 -> https://forums.malwarebytes.org/index.php?/topic/170015-malwarebytes-anti-exploit-10711014/

Fixes a couple of conditions which made Chrome crash. Among those conditions was the "shielded apps" counter, which has been removed in favor of stability under Chrome.

 

I am still running v1.07.1.1007 Premium, and haven't received the autoupdate, as yet.

 

Yes that's because we haven't released 1.07 in the auto-upgrade channel yet. If the new 1014 build proofs itself as stable as we think it is we will release it later this week or early next week to the auto-upgrade channel.

 

I might be misunderstanding, but don't kernel exploits normally defeat all security tools? And what do you think about this one, do you think that MBAE can block such an exploit attack on Chrome? This exploit is a bit confusing to me, because it can not only be used for privilege escalation, but also for remote code execution.

http://blog.trendmicro.com/trendlab...s-another-windows-zero-day-ms-releases-patch/

 

Yes they do, including MBAE. But, as with Duqu, most implementations of the exploit will result in a malicious action in user-land by Word, Adobe, etc and those malicious actions are typically blocked by Layer3.

It is basically the same as with the original Duqu. MBAE didn't detect the kernel exploit (naturally) but it prevented the infection as most of the times weaponized kernel exploits still need to download and exec something. Simply popping the calculator is nice, but it is not useful in a real attack scenario. But of course a skilled attacker could target MBAE or any other product specifically after executing the shellcode and bypass it. That's why the best solution for such kernel exploits is to patch.

 

windows.10 pro mbea 1014.no flyout.not shielded.using chome but just checked and not working for me...

 

@ ZeroVulnLabs
I have no idea why you always ignore my questions.
Thanks for your arrogance Mr. Pedro Bustamante..............

-----------------------

Thank you!

 

no.problems.i just happen to be testing win.10

 

Sorry I missed that. I though I had already answered the question but it turns out it was here, not to you specifically.

 

I decided to manually update.

However, after launching the update at 11:30 pm as per the first screenshot, my system locked up due to a popup from SpyShelter which I have added to this snapshot recently.



After forcing a soft reboot, I started over. See second screenshot.



This time upgrade install was completed. However, the systray icon was missing after the update. This still happens regularly. It returns with the next reboot, usually.

 

Can I ask how often MBAE checks for updates?

I'm a premium user and I like the product but I've had to uninstall and reinstall to get the newest version from the Malwarebytes site. I've had to do this a few times and just did it today from v1.06.1.1019 to v1.07.

Some kind of 'Force Check' option would be great.

 

Thank you.

 

Multiple choices.........

 

Simply download from our here. You can install on top of your existing installation.
In a week or two we'll start activating the automatic upgrades, so if you prefer not to do anything, simply relax and wait for your MBAE to upgrade itself.
https://forums.malwarebytes.org/index.php?/topic/170015-malwarebytes-anti-exploit-10711014/

 

In v.1014, "General: Shielded Applications" are missing.
What kind of "improvement" is this?