Malwarebytes Anti-Exploit

Please read/look at recent posts...The version is mentioned!

 

Based on this it seems its 1.07.1.1007 which was a beta. Try upgrading to the latest and it should be fixed.

 

See this

 

To be honest, I don't think it's a good idea to protect SBIE with exploit mitigations, in theory it might make SBIE malfunction. To clarify, I had some problems with the SBIE + HMPA combo, so that's why I'm mentioning this.

 

BTW, I still don't understand everything. Let's say that you managed to exploit the browser or document reader with kernel exploit. Will the payload always run with high or system privileges? And will the payload load as a child process of the exploited parent process?

 

Hmm this is weird. It should not be happening. Maybe its a bug or in a loop. Did you have a detection recently? Can you PM me your logs dir to see what's happening?

 

Does the MB website have a section for comparing hash values for SHA-1 and MD5?

 

Not that I know of.
What are you trying to achieve exactly?

 

Just wanted to check if the file hashes provided by the Cloud file match the one I received is all, ... no biggie. Seen some forum regulars here and elsewhere use it as a testing platform for checking MitM (man in the middle) stuff.

 

Not sure why you're uninstalling before putting new versions over the top, but a simple solution is to use PatchMyPC:
https://patchmypc.net/

PatchMyPC includes MBAE as one of the programs it can update. You could set it to only update MBAE, on a daily schedule. The options are pretty simple to understand and worth looking through to get the most out of it.

 

it seems suddenly malwarebyte anti-exploit intefered with firefox? Suddenly it blocks it form opening an pops a exploit message? A few minutes ago was doing ok. This is a clean and nothing changed. SO some how some compatibility issue maybe? In the warning it says firefox.exe is expolit. lmao.

 

Can you post or PM me the MBAE logs?

 

any new about the error : Couldn't load XPCOM in firefox with Kaspersky internet security 2016

 

See my e-mail, sent a short time ago.

 

Its in our QA's queue. Has anybody else experienced this?

 

OK replicated. Will take a look at it next.

 

how can I send the log of anti-exploit. Here is what the log says:

 

Instructions here -> https://forums.malwarebytes.org/ind...e-first-posts-here-need-to-include-mbae-logs/

 

Malwarebytes Anti-Exploit 1.07.1.1015
https://downloads.malwarebytes.org/file/mbae

https://forums.malwarebytes.org/index.php?/topic/170015-malwarebytes-anti-exploit-10711014/

 

Thanks for the suggestion. I'll take a look at the software. I had trouble upgrading from an earlier version of MBAE and I did a clean install. Just done it ever since. It's been pointed out that I can install over my current version, so I'll just do that going forward .

 

There is still a known bug in MBAE which, during an upgrade and under rare conditions, fails to upgrade correctly and results in a "reboot to complete" message. After the reboot the MBAE service is gone and you get an error saying "MBAE protection not started".

This bug is basically the service failing to delete itself during an upgrade due to something (procexp, backup service, etc) having an open handle to the Service Control Manager (SCM). For MBAE 1.08 we're introducing code to detect this state and automatically recover from failed upgrades after the reboot.

The solution when this bug is encountered is a fresh re-install, which consists of the following steps:
1- Close all apps
2- Uninstall MBAE from Control Panel
3- Delete the logs dir (C:\ProgramData\Malwarebytes Anti-Exploit)
4- Reboot
5- Download the latest version and install

I wanted to explain this as we're about to release the auto-upgrade to 1.07 build 1015 on Monday. Now you are aware of the bug in the rare case that you or your users encounter this.

 

Monday? 1015 is what one gets when clicking the green Get My Free Download button on the Web site as of yesterday when I checked, and installed it.

Anyhow, the "reboot to complete" did happen to me when I updated from 1011 to 1014, but upon the failed restart, running the 1014 installer again did OK.

The 1014 to 1015 needed the uninstall/reinstall but I didn't delete the logs directory (because all this happened before your #2371 post). The upside is having not deleted that directory, all my settings and shields were preserved.

Speaking of introducing code...
•The shielded apps counter needs re-introducing.
•There needs to be code for a settings and shields export/import feature for the Premium users.

Thanks!

 

I always experienced this problem, and the quickest method to resolve this is, once you get the "reboot to complete" message, do not reboot, rather install the application again on top and this time mbae protection will start. So essentially you will be running the installer twice to complete the upgrade process.

 

I had that problem once, but since then, when I install a new version (always on top of the previous one), I simply stop MBAE's protection, and when the install is finished, I reenable it.
Never had that problem again since then.

 

I got the "reboot to complete" prompt on my 8.1 tablet (from x.1010), which surprised me. I rebooted. I don't recall having a problem with the service not starting... I believe it did.

But at some point, it seemed that I wasn't getting the popup-balloon message that IE was protected. With the shield counter now gone, there was no confirmation there. So I decided to turn on the log-events-file option. And sure enough, IE was not showing up there either. I don't have Process Explorer on this tablet, so I wasn't able to check out whether MBAE was being injected into IE despite MBAE not acknowledging it.

I reinstalled x.1015 over itself, and [as best as I recall] the same thing happened. So I've reverted back to x.1010, which seems to be working as it had. Although I must admit, even here, I think that IE's protection may have shut off once or twice (the lock-icon was showing as open)... and while it's possible that my "clunky fingers" might have accidentally clicked on something on this tiny 7-inch tablet, I don't believe I did. Has anyone else ever encountered/reported this: IE's protection getting disabled "on its own" in x.1010? Or it not working/acknowledged at all in x.1015??