Malwarebytes Anti-Exploit 0.09.3.1000

We just released a new version of MBAE. Details and download link over at http://forums.malwarebytes.org/index.php?showtopic=130688

 

My preliminary testing has two positive results to report:

1) I can confirm that the problem that IE10 with Yahoo Toolbar (on Win7x64) would hang upon opening, has been fixed now [as has been mentioned in the changelog].
2) A much older (and presumably rarer) problem I reported [back in the day when the program was still ExploitShield] that it wouldn't let me open attachments in IBM Lotus iNotes (blocking a .dll) has finally been "addressed", in that the LOGS tab now is properly showing/reporting an (alleged) exploit detected... AND allowing me to exclude it (e.g. if I believe it's a false positive) from future monitoring. So for the first time, I can successfully exclude the Lotus iNotes .dll.

I am very happy with these two fixes... and will continue to report back here if I encounter anything else.

 

When Will this known issues be fixed?
Incompatibility with Comodo may cause unexpected browser behaviour.
Incompatibility with some EMET mitigations may crash certain protected processes.

 

Well, I now have to "take back" part of my previous comment: After rebooting, when I went back to check some Lotus iNotes e-mail attachments, I again received the "blocked from executing" message re: the dwa85res_en.dll file --- this time, DESPITE the file having been successfully placed in the EXCLUSIONS list! Hmm...

 

Installed.

 

Updated, so far so good.

 

Somehow, I had 2 setup execs running simultaneously, and got the following:





Noticed that the tray icon wasn't showing even though the exe was running.



So, I terminated and restarted. This time the tray icon loaded.

 

You should follow the Upgrade Instructions instead of overwriting previous installation.

 

I didn't read that until after. I am so used to installing over the top. Not to worry. It is working and that is the main thing.

 

In the EXCLUSIONS tab, do you see an MD5 and file path for the excluded file? What happens if you exclude the file again, do you see a second entry in the EXCLUSIONS tab with the same or different MD5?

 

Thanks. This one installed no problem. Tray icon vanished again though, so stopped and started service. It's been showing ever since.

 

Is Malwarebytes Anti-Exploit compatible with Blueridge Network's Appguard ?

 

I have had problems starting Opera since earlier this evening.

I got this error for the first time ever.





For the last few hours, I have tried to install a fresh version of Opera v12.15, but still keep getting these temp files when Opera tries to start in C:\Documents and Settings\<MyName>\Local Settings\Temp



In the end I found that if I shutdown MAE, Opera would start.
So, I have uninstalled MAE until what is causing the problem with Opera is found.

 

Please explain the following "Known Issue" in some more detail. Is there a work around for this Known Issue?

 

It seems this is a problem only with Opera 12. If you upgrade Opera the issue disappears.

 

You can actually install a new version on top of the old version. The problem is that the installer tells the system to unload the MBAE DLL from protected processes and then exit mbae.exe. If you have many open apps and/or the system is slow this can take some time and that is when this msgbox appears. If you simply hit retry it will eventually finish the install.

You can test the "install on top of old version" without any open apps and you will see it working correctly.

 

This "known issue" has not been replicated by us, only reported by users. There's little more info we know about it.

 

Thank you.

 

In the EXCLUSIONS tab, do you see an MD5 and file path for the excluded file?

Yes.

What happens if you exclude the file again, do you see a second entry in the EXCLUSIONS tab with the same or different MD5?

Yes, the entry is repeated, same MD5: b3e7abc9d370d08a6d6f35ad6cdd607d

filename: C:\Users\MyUserName\AppData\Local\Temp\Low\dwa85res_en.dll

 

Sorry, but I won't be switching to the chrome based Opera.


It used to work for MAE v9.2.1400, but reinstalling that does not fix the problem. - See my post https://www.wilderssecurity.com/showpost.php?p=2259953&postcount=55

But, it works for Opera v11.64 showing as v9.00 in process explorer.

 

Interesting.... we will have to take a closer look at this. Now that we are part of Malwarebytes we have access to a lot more QA resources so we'll try to replicate this.

Thanks for the info!

 

How do you even add exclusions, I'm still getting this:

 

Is this blocking event showing in the LOG tab of the main program interface? If it shows you should be able to select it and then the "Exclude" button will be activated.

 

Not sure, but haven't seen it yet. It doesn't help that the LOG tab is cleared every time I restart mbae.exe to see the tray icon.

 

That's not the expected behavior. The data from the LOG tab should survive reboots and EXE exits as long as you don't hit the "Clear" button or delete the appropriate .dat file from the installation folder.