Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Put your foot down, Brummelchen. :thumb:

    Well, my problems are fixed now and I also reported to Mozilla and Malwarebytes, so I'm happy again now and can't really complain; it works just well in the background without any problems (let's see with the FF 44 release today). All I did was update uBlock, btw.

    But I have a serious question. I've read the Anti-Ransomware thread, which seems a promising new product, and I'm asking myself why it's a new product and isn't merged within this one? And do I need both, or is Anti-Ransomware enough? I'm asking because Anti-Exploit is already against exploits and most of the listed ones are today based on exploits according to ZeroVulnLabs' post here. So I'm asking myself what's the new deal. I know Anti-Exploit does not currently detect everything, but it confuses me; again, why wasn't it merged within MBAE? Maybe you can once again clear something up, @ZeroVulnLabs, to solve this. Because we now have 3 different products, but I would love to see one for all or at maximum a second without proactive protection.
     
  2. haakon

    haakon Guest

    Re-read the Anti-Ransomware BETA thread. I had the same questions which pbust answered. As for the all-in-one discussion, that will remain a discussion for the time being - here and in the Malwarebytes forum. Bye.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    On Windows 10, MBAE 1.08.1.1045 is licenced but on the Settings panel the top 3 options are disabled, even if I use it as admin. So I can't set it to log, for example. Is that a feature? It's fine on XP and Windows 7.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Try closing mbae.exe and then running it as admin (right-click, run as admin). If they are still disabled please post a screenshot and your MBAE logs.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Done. Please see PM.
     
  6. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    MBAE is missing its icon from the Windows notification area after I use CCleaner. Until I clean the junk it's there, but once I use CCleaner it's gone. Screenshot (3).png
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Mine is there, but it depends on one's settings. Could it be Tray Notifications Cache checked under Windows>Advanced?
     
  9. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,006
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Guess a new beta, undisclosed.
     
  11. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    I did re-read the thread, but it sounds more like it's to make money (which would be okay) if it's clearly mentioned that this isn't needed with e.g. Windows Defender (which comes pre-installed with any newer Windows version). And of course with some 'higher' Windows versions like Enterprise/Pro this ransomware software is then also not needed, because you could just lock executables or lock entire tmp dirs via secpol restrictions. With respect to this new kind, it's just to make money and that's all. Crypto and other ransomware also needs administrative privileges (which again could be locked via Windows' own mechanisms by simply not using an admin account or locking it via password so that new software needs a password to get access). Don't get me wrong, but 99% of today's malware can be blocked if the user restricts or hardens access via e.g. adm/secpol, and with Windows 10 additional protection mechanisms are added, e.g. cfguard, so it's not like the 90's anymore. Another problem is that if you work with a second account or a live CD you could also remove it, or use similar tools (which do exactly the same) like Kaspersky's exe tools to decrypt xyz ransomware. I think they did a better job here because their software is free and smaller and does not need to be pre-installed. It's no offense against the product, but it's definitely not necessary (for me).
     
  12. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    I don't have that option checked :confused:
     
  13. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    Let me upgrade to the latest beta and post my results
     
  14. Surreal90

    Surreal90 Registered Member

    Joined:
    Jan 15, 2016
    Posts:
    19
    Anyone had such an issue?
    When it's happening?: When the screen sleeps and I try to refresh it back.
    OS: Windows 10.0.10586.
    Used it with: Bitdefender Total Security 2016, Avira Antivirus Pro + Malwarebytes Anti-Malware Premium v2.2.0.1024 and still having this issue.
     

  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    you have BD and Avira both running in the background? omg
    i think it's an issue with your graphics card's driver.
    or does it happen when you have MBAE installed? try without and repeat!
     
  16. Surreal90

    Surreal90 Registered Member

    Joined:
    Jan 15, 2016
    Posts:
    19
    Hi Brummelchen, sorry if it wasn't clear enough. I meant that I tested MBAE with BD Total Security and had that issue, then used it with Avira Pro + MBAM and also had the same issue. It even happened in between, while I had nothing installed but MBAE.
     
  17. @ZeroVulnLabs

    Pedro, can you check Chrome with AppContainer enabled?

    Edge: MBAE.dll is injected in AppContainer sub processes

    Chrome: MBAE.dll is injected in broker (medium), GPU (LOW), but is not in the DLL list of the AppContainer subprocesses

    Thx Kees
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    That's correct Kees. In Chrome those sandboxed processes are pretty locked down and cannot be injected as they prevent any and all communication with the Service.
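
A way to check the behaviour described in the two posts above on your own machine (added example, not part of any post in this thread and not Malwarebytes code): it lists each running chrome.exe by Chrome process type and reports whether a module whose name contains "mbae" is loaded. The name pattern, the function name and the variable names are assumptions made for this example.

```powershell
# Added example: which chrome.exe processes have the MBAE DLL loaded?
# Run from an elevated PowerShell prompt of the same bitness as Chrome,
# otherwise the module list of some processes cannot be read.
$DllPattern = 'mbae'   # assumption: module name contains "mbae" (the thread names MBAE.dll)

function Get-ModuleState {
    param([System.Diagnostics.Process]$Process, [string]$Pattern)
    try {
        $mods = $Process.Modules
    } catch {
        return 'unreadable'            # access denied or process already gone
    }
    # A readable process always lists at least its own .exe, so an empty
    # list means the query failed rather than "nothing is loaded".
    if (-not $mods) { return 'unreadable' }
    if ($mods | Where-Object { $_.ModuleName -match $Pattern }) { 'loaded' } else { 'not loaded' }
}

Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
    $proc = Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue
    if (-not $proc) { return }         # exited between the two queries

    # Chrome child processes carry --type=<kind> (renderer, gpu-process, utility ...);
    # the main browser/broker process has no --type switch.
    $type = if (-not $_.CommandLine) { 'unknown' } elseif ($_.CommandLine -match '--type=([\w-]+)') { $Matches[1] } else { 'browser' }

    [pscustomobject]@{
        PID  = $_.ProcessId
        Type = $type
        MBAE = Get-ModuleState -Process $proc -Pattern $DllPattern
    }
} | Sort-Object Type, PID | Format-Table -AutoSize
```

Rows reported as 'unreadable' say nothing about injection either way; they only mean the module list could not be queried from the current session.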
     
  19. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Do you mean it's not necessary to run MBAE with Chrome? :doubt:
     
  20. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    I see, thank you. :thumb:
     
  21. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    i have opera running and mbae is in the process and its children. but mbae has to be loaded before, otherwise opera may crash in weird actions.
     
  22. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I have a question... Which would be the best from a security standpoint if you are running Chrome and MBAE?:
    1. Leaving the "Enable AppContainer Lockdown" flag set to default where the MBAE dll is injected to all Chrome processes
    2. Enabling the "Enable AppContainer Lockdown" flag where the MBAE dll will still be injected to all of the chrome processes except for the AppContainer processes
    I am using a 64 bit version of Chrome and was thinking of enabling the "Enable AppContainer Lockdown" flag (along with the "Enable PPAPI Win32k Lockdown" flag for all plugins) in order to secure and harden Chrome a bit but of course I would like to choose the route that is more secure. Any thoughts or ideas about this?
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    PPAPI is the chrome used pepperflash api, not sure if there exist other ppapi plugins.
    i think disabling pepperflash in chrome or forks will solve it the better way instead of locking down from outside, that may cause random crashes
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    That option is enabled from inside Chrome and it doesn't disable plugins, it just adds a new mitigation.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920