Malwarebytes bought Zerovulnerabilitylabs

I am waiting for the next beta. I replied in a thread in the MBAE forum at the Malwarebytes site that the current beta does nothing on my computer.

 

Can you post the link? Was it because an incompatibility with some other security software by any chance?

 

Yes, and here is the link - http://forums.malwarebytes.org/index.php?showtopic=128149

 

I believe the issue is answered in the thread. It's WSA blocking MBAE. We have contacted Webroot already and Joe has confirmed he will take a look at it when he gets a chance.

 

I have MBAE working fine on my machine except when I launch a Sandboxed browser. In view of your remark about WSA I assume that any form of Sandboxing prevents MBAE from seeing inside the browser?
If an exploit that MBAE would normally stop should bypass Sandboxie (or any other type of sandboxing) would MBAE still intercept it and stop it or would it be "game over"?

 

Okay, everything is good in the LOG. The GUI stores its information in a separate DAT file. Maybe you should integrate those?

It'd be fun, but looks unnecessary now. Finding exploits that MBAE blocks would be hard in MDL imo, it's mostly dependant on user error there.

 

In order to help us detect and replicate the conflict between Malwarebytes Anti-Exploit and MS Office please do the following:

1- Disable all MS Office add-ins and try again. Does the issue still persists?
2- If the issue persists, please run OfficeIns (http://www.nirsoft.net/utils/officeins.html), select all items shown, and click on the "Save" icon to save a TXT report. PM or post the resulting report.
3- Finally disable or uninstall third party security software (in particular WSA, Trusteer, Comodo, DefenseWall, Sandboxie, EMET, etc.) and try again to see if the issue persists.

Thanks for all your help!

EDIT: fixed link

 

Correct link: http://www.nirsoft.net/utils/officeins.html

 

OS version: Windows 7 SP1
Architecture: 64
OS language: English
MS Office version: Office Professional Plus 2010 x32
MS Office SP: latest
MS Office language: Spanish
Other security software: Mcafee, EMET

Excel crashes when it contains macros, it also crash when EMET is disabled
I can't disable addins, corp laptop.

 

I've got some feedback.

1. It seems sometimes after login, the GUI will fail to load, but the mbae process is running.

2. The program needs self-protection, as the process can be killed by right-clicking in Task Manager and hitting End Process.

 

Can you please post or PM me the output of OfficeIns by Nirsoft?

 

Known issue with the traybar icon disappearing, but the process and protection are still running in the background. This will be fixed with the new Malwarebytes GUI that will be built around the core engine.

Only if you're admin. If a hacker/malware already has admin on your machine it's game over anyway, this is the least of your worries at that point.

 

I'm happy to see the joining of Malwarebytes, and ZeroVulnLabs. Now the developers will have more resources to work with to speed up development of ExploitShield.

 

@ZeroVulnLabs

I sure hope to see this compatible with Sandboxie.

Maybe you can ask tzuk to add MBAE to Sandboxies Program Compatibility Wizard.

 

Too long for a PM or a message, file attached .txt

View attachment a.txt

 

MBAE GUI says that no apps are protected.
I don't use MS office or a sandbox.
I do use EMET 4 and ZAL pro.

 

If you completely deactivate or disable EMET and then reboot, does it show apps as protected then?

 

I have tabs freezing very often when using Chrome with latest beta 0.9.2. Mostly it's when Chrome tries to load a video using built-in Flash player. Works flawlessly again after uninstalling MBAE or when stopping protection.

Using: AppGuard (Chrome guarded) and Hitman.Alert with Windows 8 x64.

 

Thank you for your quick reply.

I did what you suggested but it didn't help.
The GUI still said zero protected apps.

 

Is Shielded Apps supposed to show how many are currently shielded, or how many have been shielded total?

 

Does the same problem occur if you completely disable or uninstall AppGuard and Hitman Alert?

 

If you open the MBAE GUI, does it say "Running" or "Stopped"? This could be due to an incomplete or problematic upgrade from a previous version.

Also you can open a protected app (browser, adobe, etc.) and check within SysInternals ProcessExplorer by searching for mbae.dll. If it finds the DLL injected into the browser/adobe/etc process space then it is working.

 

How many processes are currently shielded.

 

Right now it says 20.

 

Yes, it's the same old counter bug. We fixed it so that it doesn't show negative numbers anymore but it's still not 100%. It might not be worth fixing that since we are working on a completely new Malwarebytes GUI.