Malwarebytes Anti-Exploit

I would imagine that bypasses MBAE would be a lot easier on XP, given the static addresses everywhere.

Assuming their techniques are similar to EMET's EAF or Anti-ROP, all of which are not exactly difficult to get around, especially when you know the addresses of everything.

 

I agree HungryMan... in fact I think that's obvious. But just saying if people are going to stick with XP regardless, having it is better than not having it. Even I, a major XP otaku that's been very outspoken about it on this site, recommends upgrading when official support ends for it. But some won't. And I think having this would be better than having a dated/vulnerable version of .NET FW on their machines to run an also dated version of EMET. Less vulnerable attack surface and a product that's continuing to be updated, assuming support for XP will continue with MBAE for awhile.

 

Yes, that will continue.

 

what exactly does this program do?

 

https://www.malwarebytes.org/antiexploit/
FAQs: https://forums.malwarebytes.org/index.php?showtopic=136424

 

For the first time, MBAE does not cause freezes in Chrome for me. As of the latest beta 0.09.5.0250 everything is working smoothly. At least, so far!

 

I'm using HitmanPro Alert and MBAM Real Time.

Do i need Malwarebytes Anti-Exploit?

 

MBAM does not include MBAE and HMPA is post-infection only, so yes, you do need MBAE.

 

What is the differences/advantages between MAE and EMET?

 

Answer 18 from the FAQs:
https://forums.malwarebytes.org/index.php?showtopic=136424

 

Great support pbust.

 

EMET stops exploits at stage 1 only, MBAE does it at stage 2 as well.
You need tune EMET, MBAE does everything itself.

 

I installed the last MBAE in the same folder as the one before it. Could that be why some Chrome Extensions were frozen sometimes.

 

We have detected a problem under some circumstances with MBAE 0.09.5.0250. We've fixed it already in a .0300 build and people are reporting it fixes the problem correctly. PM me with your email address and I'll send it to you.

 

You meant this thread I think:
https://forums.malwarebytes.org/index.php?showtopic=136424

Question: EMET is not necessary if running MBAE?
I find EMET somewhat hard to configure.
MBAE is just install and forget.

 

You're right, thanks for pointing that out. I'll fix my previous post.

Correct, EMET is not necessary if running MBAE, at least not since we added a lot of stage1 protections.

 

What's the ram usage currently?

 

I had the missing icon problem, so I killed the mbae.exe and restarted from MBAE desktop icon.



But, then I noticed it was showing 'Shielded applications:' 0 , so I stopped MBAE, and restarted again using the radio button.



So, I am not sure whether that was normal, or not.

 

It shows the currently running shielded applications.
If none are running, then it shows 0.

 

I presently see 704KB (yes, kilobytes!) Working Set memory.

 

EMET will be not necessary if a user can add any applications under MBAE protection, like in EMET.

 

True. I don't use adobe reader or microsoft office. In that case, only protection MBAE can provide is for firefox, flash and media player. So I am happy with EMET for now.

 

Many thanks to everyone for all you do to keep us safe...

 

That's the fine line between a vulnerability and an exploit (an exploitable vulnerability has access to predictable memory addresses in the wild to change the flow of events and execute arbitrary code). So you are basically saying it is easy to exploit when you have an exploit. Yes water is wet most of the time. Come on you are studying IT and have mastered the principles of programming, you can do better

 

WOW! That's great, thanks

Is it pretty stable currently? Can I run it with my current setup?