Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Separated it to prevent out-of-date Windows Defender from throwing a false positive during MBAE installations.

    The MBAE Exploit Tester is now available from a stickie on the Malwarebytes forum:
    https://forums.malwarebytes.org/index.php?showtopic=139368
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    So, you have come back from taking care of business at the ranch. :D
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Huh? I think I missed something here :)
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Results of MBAE Exploit Tester...

    ScreenShot_MBAE_v0.09.5.0250_11.gif

    ScreenShot_MBAE_v0.09.5.0250_12.gif
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Re: Malwarebytes Anti-Exploit 0.09.4.1000


    Don't worry! Just my little joke...if you don't understand, my bad. :)
     
  6. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    After a while I couldn't start Chrome and some other apps. Even disabling protection didn't help. Everything worked only after uninstall of MBAE.
     
  7. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    You mean when running alongside EMET 4.1, correct?

    Please check our Known Issues & Conflicts list for details re: EMET:
    https://forums.malwarebytes.org/index.php?showtopic=135127
     
  8. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Did I miss the answer? :doubt:
     
  9. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yeah, this one:

    "Incompatibilities & Conflicts
    ...
    EMET 4.1 with DeepHooks and ROP mitigations enabled may crash Google Chrome."

    though "in inversion": Chrome didn't start when "Anti Detours" and "Banned Functions" were checked.

    Now it's OK. :)
     
  10. controler

    controler Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Thank you for the new beta and the warning as to the expire date. Now if I can only remember it. LOL

    I agree, however I don't think it is nice to disable the browsers when the beta expires.
     
  11. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I was using Chrome when the beta expired but it didn't crash the browser. It only warned.
     
  12. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    This problem with Chrome extensions might still be happening: "Fixed issue with Chrome extensions crash when stopping/starting MBAE". After boot today I had to turn off then enable back on the Adblock Chrome extension that was not working.
     
  13. guest

    guest Guest

    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Chrome is blocked when I try to open it. I also have Adblock.
     
  14. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Can you please send me your mbae-default.log?
     
  15. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Why not change the name of the thread? Its current name "Malwarebytes Anti-Exploit 0.09.4.1000" is misleading, as if the product is not developing.
     
  17. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    Yes, agreed. It would be nice to rename it and take out the version number so we can keep the discussion of all versions here.
     
  18. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Re: Malwarebytes Anti-Exploit 0.09.4.1000

    I tried to change thread title but only the title on the OP's very first post changed. One of the other Mods maybe can do it?

    TAS
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Thread title changed.
     
  20. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Any chance for this to work in Sandboxie or is that not possible because of how it works?
     
  21. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Thanks for the change ronjor!

    @kjdemuth, I would love for it to work with Sandboxie, but it is not up to us but to Sandboxie to allow MBAE to inject its DLL into the sandboxed browser.
     
  22. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Gotcha. That's going to be tough since Ronen is no longer involved. I'm sure this was asked before but this is going to be added into Ver 2 of MBAM, right?
     
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, that's my feeling as well.

    No, as MBAE is not yet out of beta and it will have to walk by itself for a while past 1.0 before being integrated into MBAM.
     
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Definitely possible but unnecessary in my opinion. Just use EMET to mitigate the standard attack patterns and Sandboxie's Start/Run restrictions to make the payload unable to run. Anything able to get past those two, MBAE most probably won't help you either. That's probably the reason why nobody feels compelled to create a template for Sandboxie to make MBAE work.

    Of course, without Sandboxie or the lack of any other form of virtualization or execution control for that matter, I can see the benefit, if limited, of MBAE.
     
    Last edited: Jan 1, 2014
  25. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Looking forward to a final/stable build of this. I was hoping it would come before upgrading my OS from XP though because once I'm on Win7 I'll probably just use EMET since .NET FW is forced on you anyhow. So I might as well make good use of it. It's the only thing stopping me from using EMET now.

    To those planning on sticking with XP and looking for solutions to help keep their machines secure/useable... this app would be ideal for them.
     