Malwarebytes Anti-Exploit

https://technet.microsoft.com/en-us/library/security/ms15-091.aspx
https://technet.microsoft.com/en-us/library/security/ms15-095.aspx

 

Nope, mitigations in EMET are largely different then the ones implemented in Edge/Win10.

vuln != exploit. I am still convinced that if someone can escape the sandbox of 64-bit Edge, that bypassing EMET, HMPA or MBAE wouldn't be a problem either.

 

Yes, totally agreed!

 

Not true; it adds exploit mitigation to applications via the OS compatibility layer, which has gotten more robust with each OS--more features (like font AE) are only available in EMET when running under Win10 (see the EMET 5.5 beta Users Guide).

I don't know how MBAE works or if it adds those capabilities to older OSes--that would be a value added if it did.

 

OK, maybe "useless" is a bit harsh here. According to the technet article, Win10 "can make EMET unnecessary on devices running Windows 10", yes, it can (but probably doesn't) make it redundant. So I guess using anti-exploit software is still an important layer of security, despite the fact that Win10 is a more or less secure OS.

 

@ ZeroVulnLabs

Would MBAE be able to block this exploit?

http://blog.trendmicro.com/trendlab...pawn-storm-circumvents-mitigation-techniques/

 

The SWF file has not yet been shared on VT and no analysis is provided for the ROP / shellcode part, so it is hard to make a statement about that.

The actual question should not be "Does $exploit_mitigation_tool block block exploit X?", but "Does $exploit_mitigation_tool block exploitation techniques A, B and C?" as most exploits can be altered in such a way that they bypass $exploit_mitigation_tool.

 

This seems to work also (registry tweak)

 

Build 1040 published.
Fix for some issues with .NET and a fingerprinting technique FP.

 

Installed Build 1040 an hour ago. No problems so far. Thanks, Pedro.

 

From 1.08.1.1039 to 1.08.1.1040 on Windows 10 Pro x64.
No problems so far.

 

I can't find a working link to 1.08.1.1040 (and yes, I have tried the link in pbust's signature).

 

https://copy.com/rGXea0aQsYNsjPiy

 

Thanks but that doesn't work for me either.

Edit. Its OK now. It turned out my ISP's filter was blocking the download. I have adjusted it to be less cautious.

 

I wasn't talking to you

 

I also stated that no matter how I use it I run into the same problem. Even if all I decide to protect are a few key internet facing processes & FF, it still happens. And when I protected SBIE's services on version 1.06 I didn't have any of these problems. In fact... I can protect ALL of that gigantic list that you and others believe to be ill-advised on that version and everything works just fine. When I boot up Windows they are all protected, and no problems.

And syringe himself even said he saw potential merit in blocking those sandboxie processes after I pointed out doing so, and that he decided he'd added it to his approach even after I had a temporary change of heart. But now everybody is talking about how it's not only useless, but a bad idea, not what it's designed to do, etc... all because the Czar has spoken so of course the lemmings must follow.

I'm using v1.06 where everything works just fine, and have no plans to upgrade. Will back up this installer to several places.

 

Installed 1040 over 1039 no problems so far. Advanced settings - checked all. Win 7 Prof.

 

Windows 8 x32...1040 smooth running.

 

Build 1043 release. This is RC.

 

Thank you.

 

I upgrade to 1043 from build 1040. So far I have not experienced any issues. I'm on Windows 7X64 Ultimate.

 

No problems with 1043 so far. How do I reset the counter (Blocked Exploit Attempts).

 

From 1.08.1.1040 to 1.08.1.1043 on Windows 10 Pro x64.
No problems so far.

 

ETA?

https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-105#post-2524779
https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-103#post-2523394

 

OK I see. The reason why I wondered is because apparently the exploit writers tried to actively bypass new mitigations in Flash Player.