Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. co22

    co22 Registered Member


    I solved my problem. It was because the Windows Management Instrumentation (winmgmt) service was disabled.
    I saw this in the Addition log of FRST,
    so after enabling this service I am able to install it.
     
  2. fax

    fax Registered Member

    Installed the new beta and all seems fine so far on Win10!
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Thanks for reporting this @co22 so that others might take this into consideration if their WMI service is stopped.
    From the WMI description:
    "If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
    The WMI is what we're using for detection of EMET during the MBAE installation.
     
    Last edited: Sep 6, 2015
  4. ropchain

    ropchain Registered Member

    @ZeroVulnLabs

    Could you describe the changes that certain new mitigations have brought?
    I am especially interested in seeing what type of attacks should be covered by the new: "Layer0 Dynamic Anti-HeapSpraying" and "Layer1 ROP-RET gadget detection" mitigations.
     
  5. wolfrun

    wolfrun Registered Member

    Just out of curiosity, is there a free version of MBAE or only a trial version? I have MBAM pro installed and was in the MBAM forum/website and looked up MBAE and it had a free version download. So for the heck of it I downloaded it, installed it and it came out as trial version with 14 days of trial. Please enlighten me. Does the trial go to free after 14 days automatically if not purchased? Also if MBAE goes into free mode, what is crippled in it afterwards? Thanks in advance.
     
    Last edited: Sep 6, 2015
  6. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    I don't know where to start. I think that is too complicated for me. When setting the service to delayed start there is no problem anymore between 360 Total Security and Malwarebytes Anti-Exploit. I also reported the problem to Qihoo. Maybe they will come up with something.
     
  7. Nightwalker

    Nightwalker Registered Member

    Yes, there is a free version of MBAE. When you installed it you probably forgot to untick the box where the trial version of premium is offered.

    In the free version you can't add/manage custom shields, see here:

    https://www.malwarebytes.org/antiexploit/
     
    Last edited: Sep 6, 2015
  8. wolfrun

    wolfrun Registered Member

    Looks like old age might be setting in on my part. I downloaded the free version from the link above. And got to this point, shown below. Nowhere did I see an option to tick or untick for a free version download. The result shows the Trial version highlighted, also shown below. If you could enlighten me as to where this "tick option" for free version is located, it would be much appreciated.
     

    Attached Files:

  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    @wolfrun, if you already activated the 14 day trial, a second installation won't show the trial option during the installation (as it is already activated).

    Simply wait for the 14d trial to expire. I think after day 9 you have the option of reverting back to the Free mode.
     
  10. wolfrun

    wolfrun Registered Member

    Thanks for the reply. Tried out the template also in Sandboxie and it works well..thnx again.
     
  11. pling_man

    pling_man Registered Member

    MBAE 1.08 beta running fine here (using it in free mode) to protect Firefox.
    When might the next release come out? I want to activate my trial period then.
     
  12. Mr.X

    Mr.X Registered Member

  13. anon

    anon Registered Member

  14. Mr.X

    Mr.X Registered Member

  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    @Mister X, do you have Comodo installed by any chance? There's a known issue between Comodo and Chrome that is causing such an error.
     
  16. Mr.X

    Mr.X Registered Member

    No I don't. Fwiw, everything was fine with previous stable version: 1.07
    Btw it's not just with Chrome but any other shielded app.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Did it ever work with 1.08 or have you had this problem since first installing 1.08? Does a fresh re-install of 1.08 solve it?
     
  18. Mr.X

    Mr.X Registered Member

    Yes it worked.
    Now a simplistic chronology of events:
    1. Upgrade to v1.08 from v1.07 the same day of release.
    2. No reboot and worked fine for n hours.
    3. Suddenly errors appeared.
    4. Uninstalled v1.08 and deleted the C:\ProgramData\Malwarebytes Anti-Exploit folder
    5. Restored the applications.dat file from a backup.
    7. No reboot. Didn't work.
    8. Reboot the machine, it worked. Everything was just fine.
    9. One or two days of use and suddenly yesterday after a reboot the issue came again.
    10. MBAE 1.08 still running but protection permanently disabled for the moment.
    11. Haven't tested again, I see no point doing that.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Ok that's weird. Seems like it could be a hooking conflict, maybe with a custom shield (I see you have quite a few of them).

    Let's try the following:

    1- Stop the MBAE service
    2- Delete (or backup/move) the applications.dat file from C:\ProgramData\Malwarebytes Anti-Exploit
    3- Start the MBAE service
    4- Start the MBAE GUI (double-click on mbae.exe)

    Does the problem persist?
     
  20. Mr.X

    Mr.X Registered Member

    No it doesn't. But it needs further testing as this is an intermittent glitch. From what I see, you are suspicious of any of my shielded applications, no?
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    I just want to discard potential conflicts. I see, for example, that you have custom shields for Chrome's crash handlers.
     
  22. Mr.X

    Mr.X Registered Member

    I don't remember doing those explicitly. Perhaps the use of the MBAE template in Sandboxie shows those handlers in the log file?
    Anyway, if you agree, I'm going to use MBAE this way for, say, 4 days. If no issues then I will add all my shields back again.
     
    Last edited: Sep 8, 2015
  23. act8192

    act8192 Registered Member

    v1.0.8.1016
    (1) Works fine in Windows7 64bit. Including Kingsoft office files for which I added shields.
    (2) In XP - I had to add one shield for Outlook from MS Office 2003. It worked fine in previous versions. But in this version I just got an alert:
    "Protection against OS Security bypass
    Exploit ROP gadget attack blocked
    N/A
    N/A"
    Yikes, same alerts for Excel and Word. Are they full of exploits?? I won't rule out anything, but it makes me wonder.

    I didn't uninstall v1.0.7 before installing 1.0.8 and I didn't yet reboot. If things change after reboot, I'll be back.
    What is that ROP gadget thingie?
     
    Last edited: Sep 8, 2015
  24. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Sounds good!

    It's an FP with the new ROP gadget detection technique. It seems to only happen under XP. We're investigating. In the meantime you can disable this technique:
    MBAE UI -> Settings -> Advanced settings -> OS Bypass Protection -> RET ROP Gadget detection -> Uncheck for Office -> Apply
     
  25. Thankful

    Thankful Savings Monitor

    Pedro,
    Chrome (v. 45) taking noticeably longer to initialize.
    MBAE 1.08.1.1016
    NOD32 AV 8
     