Malwarebytes Anti-Exploit 0.09.3.1000

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Aug 9, 2013.

Thread Status:
Not open for further replies.
  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    We just released a new version of MBAE. Details and download link over at http://forums.malwarebytes.org/index.php?showtopic=130688

     
  2. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    143
    My preliminary testing has two positive results to report:

    1) I can confirm that the problem that IE10 with Yahoo Toolbar (on Win7x64) would hang upon opening has been fixed now [as has been mentioned in the changelog].
    2) A much older (and presumably rarer) problem I reported [back in the day when the program was still ExploitShield] that it wouldn't let me open attachments in IBM Lotus iNotes (blocking a .dll) has finally been "addressed", in that the LOGS tab now is properly showing/reporting an (alleged) exploit detected... AND allowing me to exclude it (e.g. if I believe it's a false positive) from future monitoring. So for the first time, I can successfully exclude the Lotus iNotes .dll.

    I am very happy with these two fixes... and will continue to report back here if I encounter anything else.
     
  3. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    When will these known issues be fixed?
    Incompatibility with Comodo may cause unexpected browser behaviour.
    Incompatibility with some EMET mitigations may crash certain protected processes.
     
  4. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    143
    Well, I now have to "take back" part of my previous comment: After rebooting, when I went back to check some Lotus iNotes e-mail attachments, I again received the "blocked from executing" message re: the dwa85res_en.dll file --- this time, DESPITE the file having been successfully placed in the EXCLUSIONS list! Hmm...
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Installed.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Updated, so far so good.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Somehow, I had 2 setup execs running simultaneously, and got the following:

    ScreenShot_MAE_v0.09.3.1000_03.gif

    ScreenShot_MAE_v0.09.3.1000_04.gif

    Noticed that the tray icon wasn't showing even though the exe was running.

    ScreenShot_MAE_v0.09.3.1000_05.gif

    So, I terminated and restarted. This time the tray icon loaded.

    ScreenShot_MAE_v0.09.3.1000_06.gif
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You should follow the Upgrade Instructions instead of overwriting previous installation.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I didn't read that until after. I am so used to installing over the top. Not to worry. It is working and that is the main thing. :)
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    In the EXCLUSIONS tab, do you see an MD5 and file path for the excluded file? What happens if you exclude the file again, do you see a second entry in the EXCLUSIONS tab with the same or different MD5?
     
  11. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    Thanks. This one installed no problem. Tray icon vanished again though, so stopped and started service. It's been showing ever since.
     
  12. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    507
    Is Malwarebytes Anti-Exploit compatible with Blueridge Network's Appguard?
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I have had problems starting Opera since earlier this evening.

    I got this error for the first time ever.

    ScreenShot_Opera Problem _03.gif

    ScreenShot_Opera Problem _04.gif

    For the last few hours, I have tried to install a fresh version of Opera v12.15, but still keep getting these temp files when Opera tries to start in C:\Documents and Settings\<MyName>\Local Settings\Temp

    ScreenShot_MAE_unistall_02.gif

    In the end I found that if I shut down MAE, Opera would start.
    So, I have uninstalled MAE until what is causing the problem with Opera is found.
     
  14. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Please explain the following "Known Issue" in some more detail. Is there a workaround for this Known Issue?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    It seems this is a problem only with Opera 12. If you upgrade Opera the issue disappears.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    You can actually install a new version on top of the old version. The problem is that the installer tells the system to unload the MBAE DLL from protected processes and then exit mbae.exe. If you have many open apps and/or the system is slow this can take some time and that is when this msgbox appears. If you simply hit retry it will eventually finish the install.

    You can test the "install on top of old version" without any open apps and you will see it working correctly.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    This "known issue" has not been replicated by us, only reported by users. There's little more info we know about it.
     
  18. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thank you.
     
  19. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    143
    In the EXCLUSIONS tab, do you see an MD5 and file path for the excluded file?

    Yes.

    What happens if you exclude the file again, do you see a second entry in the EXCLUSIONS tab with the same or different MD5?

    Yes, the entry is repeated, same MD5: b3e7abc9d370d08a6d6f35ad6cdd607d

    filename: C:\Users\MyUserName\AppData\Local\Temp\Low\dwa85res_en.dll
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875

    Sorry, but I won't be switching to the Chrome-based Opera.


    It used to work for MAE v9.2.1400, but reinstalling that does not fix the problem. - See my post https://www.wilderssecurity.com/showpost.php?p=2259953&postcount=55

    But, it works for Opera v11.64 showing as v9.00 in process explorer.

    ScreenShot_MAE_reinstall_v9.2.1400_03.gif

    ScreenShot_MAE_reinstall_v9.2.1400_04.gif

    ScreenShot_MAE_reinstall_v9.2.1400_05.gif
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA

    Interesting... We will have to take a closer look at this. Now that we are part of Malwarebytes we have access to a lot more QA resources so we'll try to replicate this.

    Thanks for the info!
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    How do you even add exclusions? I'm still getting this:
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    Is this blocking event showing in the LOG tab of the main program interface? If it shows you should be able to select it and then the "Exclude" button will be activated.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Not sure, but haven't seen it yet. It doesn't help that the LOG tab is cleared every time I restart mbae.exe to see the tray icon.
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,161
    Location:
    USA
    That's not the expected behavior. The data from the LOG tab should survive reboots and EXE exits as long as you don't hit the "Clear" button or delete the appropriate .dat file from the installation folder.
     