Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. TonyW

    TonyW Registered Member

    If Flash/Java/Silverlight et al. are up to date and patched, it is likely you'll not get a reaction from MBAE. Exploits target older versions of these programs that are vulnerable to the attacks employed.
     
  2. arran

    arran Registered Member

    I did test with older versions. IE was version 8 and Flash was an older version, 11.5 from 2012. NOD32 flagged the malware, but not a peep from Malwarebytes Anti-Exploit.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    It's most likely not an exploit. Go ahead and send me a PM with the link in question and we'll take a look. Alternatively you can save a capture with Fiddler of your session while visiting the page and post it here.
     
  4. harshisthere

    harshisthere Registered Member

    Should we leave the unticked box as it is in the Experimental build?
    For example: Anti Heap Spray Enforcement in Advanced Settings is unchecked for Chrome browsers.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes, the defaults are the recommended settings. I've heard from users who activated everything without any negative impact, but that's on a case-by-case basis.

    In the case of Chrome browsers, we are now treating them differently from the rest of the browsers, as they incorporate some security mechanisms not found in other browsers.
     
  6. Mr.X

    Mr.X Registered Member

  7. harshisthere

    harshisthere Registered Member

    Some problems I found in the Experimental version.
    Chrome is sometimes not being protected. Restarting the computer solves the problem; stopping and starting the protection does not work.
    Application counter is buggy.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Which version are you running exactly?
    Can you send me your MBAE log files? PM is OK.
     
  9. Sampei Nihira

    Sampei Nihira Registered Member

  10. Mr.X

    Mr.X Registered Member

    This has been showing up around 10 times today on Facebook / YouTube:

    On Windows 8.1 Update 3 x64 / Firefox 36.0.1 / Sandboxie 4.17.1
     


  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Yes it should. That's not to say that a determined hacker specifically targeting MBAE cannot get around it.

    Can you please PM me a ZIP of your MBAE logs directory? -> C:\ProgramData\Malwarebytes Anti-Exploit
     
  12. Tarnak

    Tarnak Registered Member

    I just saw that a new version of MBAE is out... Why doesn't my experimental version update automatically, or at least advise that a new version is available?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Because it's still beta and we don't push out automatic upgrades to experimental/beta versions.

    EDIT: once the final 1.06 is released and its automatic upgrades are activated, all the 1.06 beta versions will automatically upgrade to the final version. Just not to in-between beta versions.
     
  14. Tarnak

    Tarnak Registered Member

    Yeah Ok...but, if I hadn't had a look over at Malwarebytes forum, I would have been clueless...;)
     
  15. Tarnak

    Tarnak Registered Member

    I have just installed Build 1012 beta... But I wonder why it wants to make changes in the registry, as shown by SSM.

    ScreenShot_MBAE_v1.06.1.1012_beta_07.gif ScreenShot_MBAE_v1.06.1.1012_beta_08.gif
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    That's just the installation of the new MBAE service.
     
  17. Tarnak

    Tarnak Registered Member

    OK... I just answer "allow" when I see those types of popups from SSM on my XP system, whenever I see those kinds of changes to the registry that happen when updating a program or installing from scratch.
     
  18. TomAZ

    TomAZ Registered Member

    What program is this that detected the registry modification?
     
  19. Tarnak

    Tarnak Registered Member

    SSM was a program that was developed when XP was the king... But sadly it was too complicated for the average user, and development ceased.

    P.S. @noone_particular is the expert, I feel, when it comes to SSM. You might like to PM him for further details... I just trust it and click allow most times... It works for me that way, but may be dangerous for others.

    Edited: made a couple of changes for clarity.
     
    Last edited: Mar 21, 2015
  20. Peter2150

    Peter2150 Global Moderator

    TomAZ

    SSM won't work on any x64

    Pete
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

  22. Sampei Nihira

    Sampei Nihira Registered Member

  23. Stupendous Man

    Stupendous Man Registered Member

    Who was it that you quoted?
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Ah, thanks very much for the clarification.
     
  25. Azure Phoenix

    Azure Phoenix Registered Member

    Since the latest MBAE 1.06 adds
    -advanced configuration of mitigations per family

    Would disabling redundant mitigations improve its compatibility with HitmanPro Alert 3?
     