Malwarebytes Anti-Exploit 0.09.3.1000

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Aug 9, 2013.

Thread Status:
Not open for further replies.
  1. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    947
    Location:
    Canada
    Is blocking my Hitman Pro Alert updates, tried making an exclusion but it only shows the date, no file info so highly doubt this will work.
     
  2. Have not noticed this on Win7 Ult 32 bits (yet), but for future changelog's I would appreciate some more specific info, e.g. which EMET mitigations are overlapping with MBAE
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,235
    Location:
    Italy
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    With the next release of MBAE, version 0.09.4.XXXX coming out in a week or two you will be able to have a little more visibility.

    Haven't tested it as I don't have the exploit itself. But I'll bet with whoever that MBAE stops it as well.
     
  5. Thanks, I will disable those conflicting settings in EMET for these specific programs.

    By the way, I really appreciate MBAE stopping executions invoked from injected dll's into browser (protected programs in general).

    I have set DDL search mode to safe with group policy, may be an extra enhancement for MBAE to implement automatically?
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Might not have to. From my (limited) tests they do not seem to conflict much. In some cases EMET pops first and in other cases MBAE pops first. Needs quite a bit more compatibility testing done.
    Nice, thanks for noticing ;)
    Interesting, we'll take a closer look. Thanks!
     
  7. controler

    controler Guest

    i installed this whilst having malwarebytes pro installed and it turns off malewarebytes file system and website protection off. is this normal?
     
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    You mean MBAE turned off MBAM? No, that's not even possible. There must be something else happening on your PC.
     
  9. controler

    controler Guest

    I will uninstall the mbae and reinstall it an see what happens.
     
  10. controler

    controler Guest

    ok closed malewarebytes, after uninstalling mbae and reinstalled mbae. open malewarebytes and those two are dissabled. works every time. on win xp pro
     
  11. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    157
    "From my (limited) tests they [EMET+MBAE] do not seem to conflict much. In some cases EMET pops first and in other cases MBAE pops first. Needs quite a bit more compatibility testing done."

    That would be an ideal situation, to be able to run both, side-by-side, without conflict :)

    Since Microsoft is still supporting EMET 3 (as well as the newer EMET 4), are you testing/considering both? Or only the new/current version?
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    We will definitely need to take a closer look at this. Can you please send me a HJT, DDS or similar log showing system specs, installed software, etc.?
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    For now none, only informal testing. Once we finish adding all our stage 1 protections to the engine it will make sense doing more hard core compatibility testing with EMET.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,985
    Location:
    Parallel Universe
    Good looking T-shirts. Like it. :thumb:
     
  17. controler

    controler Guest

    i get a popup when i try open a website through e-mail. "locate link browser.
    to name and save file." then a blank page opens. If i have ie already open, it opens the page fine. also if i have ff set to default and not open, the page opens fine.


    i have ff and ie with default set for ie. ie version = 8
    outlook version = 2002

    this works every time on my computer.

    you want me to send hjt log as a pri message here?
     

    Attached Files:

  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    What's the roadmap for MAE? When is 1.0 scheduled?

    I find the GUI bugs annoying. I had VLC running with a long clip, and I paused and went away for 30 minutes. When I come back, MAE does not show VLC as shielded anymore. It's hard to tell if I'm actually still protected.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    @controler, that sounds like an old bug. What version of MBAE are you running?

    @shadek, what do you mean that MBAE is not showing VLC as protected after 30 minutes? The GUI doesn't show when protection "stops", only when it starts protecting a program.
     
  20. controler

    controler Guest

    running 0.09.3.1000 beta
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Exit all your browser windows. Right-click on the MBAE traybar icon and choose Exit. Replicate the issue. Do you still get the prompt to "locate link browser" or whatever the message is?
     
  22. controler

    controler Guest

    do not get the message with your program not nactive.

    the bug is still there

    only ie and not sure if the version of office matters.
     
  23. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,985
    Location:
    Parallel Universe
    Is Malwarebytes Anti-Exploit in beta? Or is it a final release? I'd like to try it. Can it be used with WSA? Will they conflict?
     
  24. Read their website
     

    Attached Files:

  25. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,985
    Location:
    Parallel Universe
    @Windows Security
    I see. Well I'm kinda lazy.:D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.