Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    yes...it works on my laptop, but not my desktop computer....
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think so. Not positive though.
     
  3. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    This is the post I'm referring to. I figured this was for x64 versions only, since Win7 (at least mine) doesn't have "Program Files (x86)" folders in it. Just a "Program Files" folder period in the OS partition. But I was wondering if I too could delete the "InjectDll" line of code here in XP as well? I haven't taken the time to mess around with it yet.

    Also I'm not sure that would have anything to do with the problem I'm having here anyhow (mentioned on the previous page).

    I'm hoping Syringe chimes in here especially, since they're pretty much the guru on this product. I'm ready to roll back to an older version at this point, where at least it automatically shielded sbiectrl & sbiesvc at start. Now I have to delete and then create the shields every time I start Windows to have them protected... along with a bunch of other shields. I create a lot of them... one for every startup app & process, as well as many more.

    So have I missed something here?... doing something wrong? Please help me out here.
     
  4. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Is anyone else getting spurious exploits being detected in v1.08.1.1016 when they are using Flash (Firefox, Win 10)?
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Build 1023 is out.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    Thank you. Gracias lol
    PS Your signature link is not updated...
     
  7. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    Build 1023 is still experimental, isn't it? Hm... I think I'd better wait for the next public release. Anyway, thanks for the info, Pedro. :thumb:
     
  8. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I saw the reference to ASUS and Huawei hardware, could MBAE (or MBAM) be preventing an external connection to my video security server?
    I use a DDNS to get the current IP address of my Huawei E8372 'wingle' but the connection attempt always 'times out'.
     
  9. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
    From 1.08.1.1021 to 1.08.1.1023 on Windows 10 Pro x64.
    No problems so far.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It shouldn't have anything to do with it. If you stop MBAE, does your Huawei work?
     
  11. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    No, I tried but it still didn't work. I posted 'just in case' you might have some insight into the problem since you mentioned Huawei in the change log info.
    Thanks for the response.

    J
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It shouldn't have anything to do with it.
     
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    With the latest beta (1023), when I go to upload a photo or file to the Internet I get a blocked message from MBAE that an exploit code has been blocked. I am using Firefox 40.0.3 with Windows 7 Pro SP1 x64. I reverted back to the latest public release 1015 and it is not blocked.
     
    Last edited: Sep 16, 2015
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Please post or PM your logs.
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Reinstalled the latest beta and cannot duplicate. I had cleared the log file. If I encounter it again I will PM the log to you.

    Sent you PM
     
    Last edited: Sep 17, 2015
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Hi Pedro.
    I installed the beta 1.08.1.1023 Premium.
    Why does the sw have 2 connections with Amazon?
    TH


     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I am a couple of beta versions behind at the moment...I am not in my MBAE snapshot, so haven't been able to test, yet.
     
  20. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    For any of you using Comodo and MBAE, we believe we have fixed some conflict between both these products in the latest beta build 1025. Can you please test it and post back here your results?
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Sorry my mistake. This was not included in the latest beta yet.
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
    From 1.08.1.1023 to 1.08.1.1025 on Windows 10 Pro x64.
    No problems so far.
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Judging by the reluctance to acknowledge my inquiries I'm guessing there is no solution, other than to downgrade to an older version where MBAE & SBIE 3.76 worked just fine together. To the good old days where syringe and I made those posts telling people how to go about getting it done. IMO the product has regressed since then. Now it doesn't automatically shield those processes at startup... neither Windows startup nor even Firefox startup. And doesn't show how many shields are running at any given time either. I thought if anything they'd add the feature showing not only that number, but what shield it actually is alongside it. But now the number isn't even there. The log shows what "has" happened (as in past tense), but I don't know with confidence that it still is the case, and what's running.

    Right now that "true" manual updating option I've been harping on doesn't even rank toward the top of my list of wants. They are, in order:

    1) A return to the way MBAE Paid & SBIE Paid v 3.76 co-existed together a month or two ago when I came to the revelation that they do. Preferably even an improvement, but I'd be happy just to have things back to the way they were.

    2) A list of the shields that are running. I don't even care if there's a number... I can count just fine by myself.

    3) A "true" manual updating option. i.e. - A simple box that says "Check Now for Updates" in the "About" tab. And after clicking on it no other boxes popping up asking questions or interfering... just update, and reboot if necessary.

    4) More granular rule setting. I've come to find that most things can work with everything checked, which is how I have my "Other" template set up. But I make A LOT of custom shields... every startup process & app. Lots of things in my System32 folder. Everything facing the web. My real-time security software. And then some. And there just aren't enough templates to be able to fine tune everything the way I want it. But I realize 1) - 3) will take a while and are much more important (in my opinion), so there's no hurry here. And honestly if 1-3 were remedied I'd be fine giving this one up.
     
  24. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    @luciddream I think I've been able to reproduce your issue on XP, once. It didn't show up until after a reboot though; it worked fine before that, which is odd. After a reboot it would not protect a SBIE launched notepad. However, after reverting to the clean snapshot and reinstalling both programs, it has continued to work even after a reboot, so it may very well be an actual issue in the latest beta. I won't have much free time for the next few weeks but I'll try to take a closer look and see if I can find an answer. ATM I'm stuck just trying to trigger the bug again so I can grab some procmon logs; it keeps working this time... At this point all I can suggest is trying to uninstall both SBIE and MBAE, then reboot, reinstall them, reboot and see if it happens again. =(
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @luciddream, as for #1 @syrinx is your best bet. We do not officially support Sandboxie so obviously other bugs and features will always take precedence over Sandboxie.

    As for #2, we are designing a new solution to this. It is not short-term but we haven't forgotten about it.

    As for #3, we are also designing a "true" manual updating option. Again, not short-term but it's in the works.

    As for #4, this we probably won't do as advanced settings is already complex enough for the vast majority of users.
     