Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    mood, I wonder why Cylance all of a sudden decided to flag it as an exploit?
    you might be right, just chalk the 60 bucks as a loss. I will still send zero the file he asked for if he lets me know where to send it to.
     
  2. guest

    guest Guest

    ...flagging an Anti-Exploit as an Exploit o_O
    But maybe a solution can be found after sending the file.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hi boredog, you can just PM me the FRST logs. From the looks of it, it seems like a false positive from Cylance.
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    no option to attach the file and if I try copy and paste it won't accept it. 773 k
     
  5. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    When writing a PM there's a button that says "Upload a file". Use that feature to attach the FRST logs.
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    sorry zero but when I click on you to start a conversation there is no upload file option.
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Click on "Start a conversation" and then you'll see the option at the bottom-right:

    upload_2016-6-29_13-38-36.png
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    sorry not getting that option here. tried changing to 3x fluid and still nothing..
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    thanks for clarifying that.

    that is the same screen I get
     
  10. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,009
    +1
     
  11. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Just FWIW, I see the same as in your screenshot. Probably not post count then.
     
  12. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Issue 1: Bug in 1.09.1.1130 stack pivot disabling
    Disabling "Stack Pivoting Protection" under "Advanced Settings" has no effect. With all mitigations disabled no exploitation attempt should be intercepted, but with 1.09.1.1130 a stack pivot will still be intercepted no matter what.
    This issue has only been tested using Internet Explorer 8 on Windows 7 SP1.

    Issue 2: Outdated MBAE documentation
    The MBAE help documentation (mbae.chm) is outdated. The change log ("What's new!"), for example, mentions new features introduced in version 1.06 (a version from over a year ago).
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    ropchain that might explain the issue with IE 11 in the newest beta build.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    still waiting for zero to tell me how to give him my file
     
  15. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,010
    Location:
    U.S.A.
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Members are not able to attach files to private conversations." per lowwatermark

    got it so zero still needs to tell me where to send file then.
     
  17. haakon

    haakon Guest

    @ ZeroVulnLabs pbust

    For the love of god would you please, please (please!) get boredog to continue this issue in the Malwarebytes Forum? Clearly, both of you are better served in that.

    @ boredog

    pbust is very active at the Malwarebytes Forum which is all set up for getting your files. None of this "Members are not able to attach files to private conversations" stuff. In fact, they looooove getting files over there. Not only that, they have mods that call themselves Forum Deity who will make absolutely certain you won't have to wait helplessly at your keyboard. Really!
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @boredog, feel free to email me to pbustamante at malwarebytes dot org.

    @ropchain, thanks for reporting. Will check this immediately.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @ropchain, just to verify, you are closing and reopening the app prior to retesting after changing the advanced configs, right? The DLL needs to unload and re-inject after config changes.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,809
    Location:
    .
    @ZeroVulnLabs
    Beta 1.09.1.1130 working just fine here since its release, on my daily net activity... :thumb:
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,009
    Last edited: Jun 30, 2016
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    No need, we've repro'ed and are analyzing the problem. Thanks again!
     
  24. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    I am closing and reopening IE in between altering the config.
     
  25. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    158
    I'm a bit leery of the impending merge of MBAE+MBARW into MBAM:

    1a) COMPLEXITY: Even if the installer --- or subsequent program options --- allow the user the ability to enable only those modules which they actually want, this will be greatly confusing to novices who have no idea what everything's about. In particular,
    1b) Each module (AM, AE, ARW) currently has its own settings/configuration menu. It's daunting enough for some people to handle the configurations one-at-a-time... it will become all-the-more intimidating if all these settings are merged into one big listing.
    2) CONFLICTS: As you know, there are competing --- and often conflicting --- products available. Let's start with EMET 4.x/5.x, which is well-known to conflict with MBAE. There are many people happily/currently using MBAM+EMET, who might be caught off-guard if a "new and improved" MBAM started pushing MBAE on them, resulting in lots of program crashes. Likewise for HitmanPro.Alert. In terms of Anti-Ransomware --- and I don't know if these are compatible or conflicting --- you're up against the likes of CryptoPrevent, and WIN(Patrol)-AntiRansomware --- to name just two. I am concerned that MBAM's reputation would be irreparably damaged if an augmented version conflicted with these (or similar) products.
    3) INTERDEPENDENCE: Lastly, there's the concept of "not having all your eggs in one basket": if malware somehow neutralizes MB, the user would lose all 3 modules (AM, AE, ARW). That's reason enough why many people prefer to pick-and-choose components from separate vendors: so if one happens to get successfully attacked, hopefully the others will still remain intact, providing their aspect of defense.
     
    Last edited: Jun 30, 2016