Malwarebytes Anti-Exploit

I have been getting MBAE updates FREE from Malwarebytes for a very long time. From the get-go I realized that I was getting beta versions. It was sort of an implied "deal" between me & Malwarebytes. Namely, I could use the app for FREE but -- in so doing -- I was voluntarily accepting the risks & responsibilities inherent in being a beta tester.

From this standpoint, I would be surprised if debug logging were NOT enabled by default.

 

so maybe don't let it connect , it does not need Internet I think, as updates are done manually

 

... or auto =

 

Puit the following entry in the HOSTS file : -
127.0.0.1 data-cdn.mbamupdates.com

The HOSTS file is in the folder 'C:\Windows\System32\drivers\etc'

Adding that HOSTS file entry will block the MBAE version updates.

 

The other solution? Don't add the updater to your firewall allowed connection list and it should stay blocked.

 

Malwarebytes Anti-Exploit Beta 1.13 Build 424 (October 27, 2021)
Release Notes (Forum)
Download: https://downloads.malwarebytes.org/file/mbae

 

Got it. 10Q @mood

 

I wonder how effective it can be, I remember it stopped a truly evil instance of process hollowing, but it only happened once in my life and thus far this thing is silent

 

While I do still run MBAE Premium (now beta) on a couple of little-used Win7 systems, I opted to go with default settings in Windows Security Exploit protection (WSEP?) for my two Win10 systems.

Back in the day, I found no compelling discussions as to which was more efficacious, EMET or MBAE, other than the latter having a comfortable UI. As user of Pedro's product at the time, I just rolled with the Mawarebytes iteration.

With EMET having evolved into WSEP, I'm now a beta tester for one company, not two, by dumping MBAE.

MBAE did whack a few things over the years, but searching for and pulling some log files from ancient backups on optical media isn't worth the effort. As with most all other things considered, either MBAE and WSEP is BTN (better than nothing).

Cheers.

 

Uhh... "legitimately evil" = oxymoron?

 

@bellgamin
rather something without the "oxy" prefix

No I wanted to say a "truly evil" file, or "confirmed to be malicious"

 

so a true positive rather than a false positive

 

A TRULY false positive, of course.

 

security terms
https://www.v500.com/false-positive-false-negative-true-positive-and-true-negative/

 

I just got an update. Now, have v1.13.1.430

 

Malwarebytes Anti-Exploit 1.13.1.430 released - Jan 11, 2022

https://forums.malwarebytes.com/top...i-exploit-113-build-430-released-jan-11-2022/

 

Java Shield can self-deactivate
Has anyone else found that Java shield in MBAE 1.13.1.424 (and now also MBAE 1.13.1.430) has self-deactivated? I have only recently realised that this was happening because the shields list has to be scrolled to enable the Java entry to be seen so many might not realise that their MBAE Java shield is also deactivated. I guess that this was going on well before MBAE 1.13.1.424 was released but I wasn't aware of it until just before Christmas when curiosity prompted me to look at the shield list. Of my six Windows 10 PCs/laptops, the MBAE Java shield is self-deactivated on two of them.

You can manually activate Java shield but on the next startup of MBAE it can self-deactivate for no reason that I can figure out.


Problem solved
I have found that uninstalling MBAE 1.13.1.430 and deleting the C:\ProgramData\Mallwarebytes Anti-Exploit folder followed by installing MBAE 1.13.1.345 SEEMS to solve the problem. MBAE 1.13.1.345 immediately gets updated to MBAE 1.13.1.430 but the previously persistently deactivated Java shield survives a system restart, being found to be still activated.

 

=
Malwarebytes Anti-Exploit Beta 1.13 Build 407:Spoiler: Changes v1.13 Build 407= Disabled Java shield by default

 

I could not manually permanently activate Java shield. I was considering the possibility of Java being unknowlingly installed.

 

Updated just now...

 

Malwarebytes Anti-Exploit Beta 1.13 Build 443 (February 14, 2022)
Release Notes (Forum)
Download: https://downloads.malwarebytes.org/file/mbae

 

Was pointed to a different Wilders' thread and thought to drop by this thread and say hi. Happy to see this thread is still semi active.

Just heads-up from the MBAE side, MBAE R&D is very much alive and kicking, keeping up to date against latest attacks and to continue being an enhancement to any endpoint security. David my ZVL partner (orig MBAE idea and dev) and the original MBAE team is still mostly the same here at Malwarebytes, although it has grown a bit. We're adding some interesting techniques to PentestingMode and trying to balance that with keeping driver/hooking conflicts under control. Hope you've seen the TPSC vid.

 

Nice to see you again on this forum, and great to hear that MBAE is still alive and kicking!

I still believe that MBAE and HMPA are the most advanced tools when it comes to protecting against exploits. Of course attacks on home users aren't as likely as in the past, but it's still nice to have, because you never know when it's your unlucky day, know what I mean?

 

Yes, HMPA guys are great, and they know how to party

 

Wait a minute, can you tell me a bit more about this, you are all friends now? I remember in the past you guys had a couple of discussions about whether HMPA or MBAE was better at protecting against exploits, it was so funny and entertaining.