Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    If Flash/Java/Silverlight et al. are up to date and patched, it is likely you'll not get a reaction from MBAE. Exploits target older versions of these programs that are vulnerable to the attacks employed.
     
  2. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I did test with older versions. IE was version 8 and Flash was an older version, 11.5 from 2012. Nod 32 flagged the malware, but not a peep from Malwarebytes Anti-Exploit.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    It's most likely not an exploit. Go ahead and send me a PM with the link in question and we'll take a look. Alternatively you can save a capture with Fiddler of your session while visiting the page and post it here.
     
  4. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Should we leave the unticked boxes as they are in the Experimental build?
    For example: Anti Heap Spray Enforcement in Advanced Settings is unchecked for Chrome browsers.
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, the defaults are the recommended settings. I've heard from users who activated everything without any negative impact, but that's on a case-by-case basis.

    In the case of Chrome browsers, we are now treating them differently from the rest of the browsers, as they incorporate some security mechanisms not found in other browsers.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
  7. harshisthere

    harshisthere Registered Member

    Joined:
    Aug 8, 2011
    Posts:
    84
    Some problems I found in the Experimental version.
    Chrome is sometimes not being protected. Restarting the computer solves the problem; stopping and starting the protection does not work.
    Application counter is buggy.
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Which version are you running exactly?
    Can you send me your MBAE log files? PM is OK.
     
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,792
    Location:
    .
    This has been showing up around 10 times this day on Facebook / YouTube:

    On Windows 8.1 Update 3 x64 / Firefox 36.0.1 / Sandboxie 4.17.1
     


  11. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, it should. That's not to say that a determined hacker specifically targeting MBAE cannot get around it.

    Can you please PM me a ZIP of your MBAE logs directory? -> C:\ProgramData\Malwarebytes Anti-Exploit
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I just see that a new version of MBAE is out... Why doesn't my experimental version update automatically, or at least advise that a new version is available?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Because it's still beta and we don't push out automatic upgrades to experimental/beta versions.

    EDIT: once the final 1.06 is released and its automatic upgrades are activated, all the 1.06 beta versions will automatically upgrade to the final version. Just not to in-between beta versions.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Yeah, OK... but if I hadn't had a look over at the Malwarebytes forum, I would have been clueless... ;)
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I have just installed Build 1012 beta... But I wonder why it wants to make changes in the registry, as shown by SSM.

    ScreenShot_MBAE_v1.06.1.1012_beta_07.gif ScreenShot_MBAE_v1.06.1.1012_beta_08.gif
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's just the installation of the new MBAE service.
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    OK... I just answer allow when I see those types of popups from SSM on my XP system, whenever I see those kinds of changes to the registry that happen when updating a program or installing from scratch.
     
  18. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What program is this that detected the registry modification?
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    SSM was a program that was developed when XP was the king... But sadly, it was too complicated for the average user, and development ceased.

    P.S. @noone_particular is the expert, I feel, when it comes to SSM. You might like to PM him for further details... I just trust it and click allow most times... It works for me that way, but may be dangerous for others.

    Edited: made a couple of changes for clarity.
     
    Last edited: Mar 21, 2015
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    TomAZ

    SSM won't work on any x64

    Pete
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    Who was it that you quoted?
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    Ah, thanks very much for the clarification.
     
  25. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Since the latest MBAE 1.06 adds
    -advanced configuration of mitigations per family

    Would disabling redundant mitigations improve its compatibility with HitmanPro Alert 3?
     