Malwarebytes Anti-Exploit 0.09.3.1000

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Aug 9, 2013.

Thread Status:
Not open for further replies.
  1. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Then is it a good idea to use EMET 4.0 and MBAE together?
    If yes, how to tune them both?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    I ran EMET, MBAE, and HMP.A together with no issues other than a minor bug of Malwarebytes Anti-Exploit blocking HitmanPro.Alert's update executable, which is already being looked into.

    I max EMET mitigations whenever possible and never disabled any of MBAE's shields.
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    Yeah, I've installed EMET 4.0 with max possible setup for this PC (Win 7 64 bit) as I did it without MBAE: DEP OptOut, Deep hooks - off - all the rest at max. All goes OK so far.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, you can run both together side by side.
     
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,202
    Location:
    Virginia - Appalachian Mtns
    When is Win 8.1 compatibility going to arrive? I tried MAE 0.09.3.1000 in Win 8.1 64 bit yesterday but some driver or service (can't remember exactly) could not load. I'm running EMET 4.0, BTW.

    Later...

    Bob
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The compatibility with Win8.1 is in the works. Currently we're QA'ing 0.09.4 and probably by 0.09.5 we'll have Win8.1 compatibility.
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    ZeroVulnLabs, you would better add manual "Check updates" and option to on/off automatic updates.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    +1..:thumb:
     
  9. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    102
    This is still occuring with HitmanPro.Alert 2. I have to exclude after every boot on my W7 32 or 64 bit machines.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,787
    You got me curious about this since it's pretty vague. I respect that you need to keep the details of your intellectual property but for a product like MBAE where comparisons to EMET is unavoidable, I think it ought to be fair enough if people are given a small breakdown in terms of which portions are similar (without revealing the trade secrets so to say). At the very least, it makes people running the 2 together know what to look out for if the need to make exclusions in EMET arises.

    If you don't mind:

    1. Does it enforce DEP for apps it protect?
    2. How about ASLR? Since ASLR isn't available on XP systems, does MBAE add any form of pseudo-mitigations like pseudo-ASLR?
    3. Does it employ SEHOP for apps it protect?
    4. Are there any similarity to other anti-ROP techniques used in EMET? If so, which ones?

    A simple answer of "Yes" and "No" would do. I'd understand if you don't wish to reply to all of the above questions.
     
  12. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    I wish to know this as well.
     
  13. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    The automatic upgrades to new versions is something that we will be building into the new GUI for 1.0 once the engine is finished, which we are close to finishing after two or three more beta releases.
     
  14. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    I wish to know this as well - also.... and I then wish for some of you smart guys to explain the in's and out's and implications of each answer.

    Thank you.


    -ftp
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I'll try to explain it without spilling the beans.

    EMET is focused on enforcement of existing OS techniques like DEP, ASLR. That is why EMET is stronger on some OS'es and not as much in others like XP.

    MBAE incorporates completely different approach and techniques. It is more generalistic (i.e. better protection for XP than EMET) as well as more comprehensive as it includes multiple techniques of protection in both layers: stage 1 (DEP bypasses, etc) as well as stage 2 (java, payloads, etc). So with MBAE if something bypasses stage 1 protections your PC won't be infected as it still has stage 2 protections. With EMET if something bypasses its protections you are out of luck. Of course something could theoretically target and bypass the applications themselves (MBAE and EMET) but that's a completely different issue.

    Both can be installed alongside each other and we are taking steps to ensure they keep being compatible. But if I had to choose one I would choose MBAE because it is more generic and offers more complete (holistic if you will) protection against exploits.

    I hope this helps clarify a bit.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    To answer your questions directly:

    1. Does it enforce DEP for apps it protect?
    NO

    2. How about ASLR? Since ASLR isn't available on XP systems, does MBAE add any form of pseudo-mitigations like pseudo-ASLR?
    NO

    3. Does it employ SEHOP for apps it protect?
    NO

    4. Are there any similarity to other anti-ROP techniques used in EMET? If so, which ones?
    Some might be similar, some are definitely different.
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,994
    So we can say that MBAE doesn't repeat EMET. It's very good as if you use both they work complementing each other.
     
  18. guest

    guest Guest

    The compatibility with Hitman Pro Alert is being fixed, right?

    What about Webroot Secure Anywhere? anyone has experience any incompatibility with the Web Shield?
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, the HMP.Alert conflict will be solved.

    As for Webroot, they are compatible except for a small problem with the WSA Identity Protection module which Webroot is already looking into.
     
  20. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,850
    It may be too early to ask, but will this have a lifetime license like MBAM, or a yearly fee?
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    looking forward for 8.1 compatibility so i can test this.
     
  22. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    The MBAM model of one-time-pay has worked very nicely for everybody. So they plan to implement the same model.

    At least that's what I hope they do..
     
  23. Why not outlook? see picture
     

    Attached Files:

  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I have experienced the issue that when I have shielded applications opened and I close one of them, the counter at shielded applications resets itself to 0. Further MBAE succesfully injects mbae.dll into Word 2013 (Office 365), but does not say that Word is now protected and it has no effect on the shielded applications counter.
     
  25. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Anyway we could get shielding of thunderbird and libre office?

    Other then those wishes i love this app, have so since it was ZVL`s
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.