Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    If MBAE successfully blocks the exploit, then it can't even perform the DLL injection part. But apparently malware that is started manually by the user, can also use this "reflective DLL injection" method, and this it outside the scope of MBAE. This is something that should be stopped by HIPS.
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Unless it needs inbound access, which I don't & won't grant to anything, I don't see what could be blocking it. I block IP In and ICMP In & Out in my global rules. But I can't imagine it would ask for that type of access. I can't imagine anyone in a place like this allowing it.

    And besides that I have no rules for either of MBAE's processes in my app rules right now. Once in awhile I see it ask for internet access and I grant it Outbound, the rule for which is to allow all IP Out. And for awhile I had both services granted Outbound access in the app rules with automatic updating enabled in MBAE (which I don't like granting for anything, btw)... but it still never updated to a new version.

    As I said in my D+ rules I treat it as an installer when it tries to update, which grants it pretty much carte blanc on your computer (another thing I don't like doing), but I'm trying anything to get this thing to update and it's just not cooperating.

    I noticed there were some logs and other things saved in my D+ rules, which I cleared. Thought maybe that was keeping it stagnant. Also I have mbae-svc.exe injected into the interprocess memory of Windows Explorer, which is sandboxed. So I just removed that hoping it may do the trick. Then I'll put it back. I'll let everyone know if it works. If it doesn't I'm pretty much out of ideas here.

    And also could you please clarify the question I asked about whether MBAE does or does not use IE's/Internet Options connection settings to get it's updates? I mean I tried it both ways and it didn't work but maybe that in tandem with something else would do the trick... so I need to know this. I know Sandboxie uses it and Comodo used to as well. I personally set up a fake proxy of 0.0.0.0 in the Connection tab to effectively block it and then go into Group Policy to grey it out too for good measure.
     
  3. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Besides this little dilemma I've run into it's a great little product.
     
  4. Nikos751

    Nikos751 Registered Member

    Joined:
    Jul 28, 2015
    Posts:
    6
    Hello!
    Can MBAE protect against javascript exploits?
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It want be manually started by me unless it's bundled in some very reputable software that I trust lol.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, MBAE free version protects against browser, and javascript eploits.
     
  7. Nikos751

    Nikos751 Registered Member

    Joined:
    Jul 28, 2015
    Posts:
    6
    Thanks! Just wanted to make sure :)
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    What browser do you use? I think all the popular browsers are already on the Shielded list by default. I just want to make sure yours is.
     
  10. Nikos751

    Nikos751 Registered Member

    Joined:
    Jul 28, 2015
    Posts:
    6
    I use Chrome, it is protected. IE opera and Firefox are also supported. What I would like to know is what MBAE protects from and what it does not (talking about exploits, for example xss attacks and sql injections are techniques MBAE cannot protect from)
     
    Last edited: Aug 19, 2015
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Are you sure MBAE does not protect against xss attacks? I thought it did.
     
  12. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    I have a problem with MBAE, when I close firefox, it looks like it is closed but it does not close completely, it still appears in task manager. When I open firefiox again a second one appears in task manager. I had many firefoxes in task manager because of this. With MBAE disabled closing firefox is not a problem. How to fix this?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    https://forums.malwarebytes.org/index.php?/topic/136424-frequently-asked-questions/#entry846348

    Can you post or PM me an FRST log?
     
  14. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    With MBAE free you cannot access the Settings menu or clear the logs if you are using a Standard account.
    Its a bit painful having to sign in as Admin to change the settings.
    Is this behaviour the same in the Pro/Paid version?
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That seems rather silly. Do they at least prompt for Admin credentials?
     
  16. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    You could exit the GUI and start it again with run as admin. Have you tried that?
     
  17. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    There is no prompt to elevate to get Admin credentials.

    There is no option to exit the GUI.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Right-click on the system tray MBAE icon and choose "Hide icon". Then locate mbae.exe (or search anti-exploit from Start menu), right-click and choose "run as admin"
     
  20. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I can now run it manually as Administrator.

    But my question remains: will I be able to access these settings with the Pro version ? (If so I may be tempted to buy it).
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Free & Pro are the same version. The key simply unlocks certain features. So basically you can get to these settings by following the same procedure.
     
  22. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I see, thanks.

    I have been getting a lot of false "exploits" being logged recently caused by an incompatibility of Sandboxie and win 10 and I was just hoping I could clear these more easily.
     
  23. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Chrome already has built-in protection against XSS attacks. If you want to complement it use this extension and enable its XSS protection in the configuration page:

    https://chrome.google.com/webstore/detail/netcraft-extension/bmejphbfclcpmpohkggcjeibfilpamia
     
  24. Nikos751

    Nikos751 Registered Member

    Joined:
    Jul 28, 2015
    Posts:
    6
  25. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    I have a question about MBAE. I installed it and it seemed to work fine except no popup indicating protection when opening Google Chrome. Firefox and IE were fine. Is there a special setting for Chrome. I am using free version of MBAE. Thanks
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.