Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  2. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Nope, mitigations in EMET are largely different than the ones implemented in Edge/Win10.

    vuln != exploit. I am still convinced that if someone can escape the sandbox of 64-bit Edge, that bypassing EMET, HMPA or MBAE wouldn't be a problem either.
     
  3. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Yes, totally agreed!
     
  4. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    Not true; it adds exploit mitigation to applications via the OS compatibility layer, which has gotten more robust with each OS--more features (like font AE) are only available in EMET when running under Win10 (see the EMET 5.5 beta Users Guide).

    I don't know how MBAE works or if it adds those capabilities to older OSes--that would be a value added if it did.
     
  5. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,630
    OK, maybe "useless" is a bit harsh here. According to the technet article, Win10 "can make EMET unnecessary on devices running Windows 10", yes, it can (but probably doesn't) make it redundant. So I guess using anti-exploit software is still an important layer of security, despite the fact that Win10 is a more or less secure OS.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
  7. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    The SWF file has not yet been shared on VT and no analysis is provided for the ROP / shellcode part, so it is hard to make a statement about that.

    The actual question should not be "Does $exploit_mitigation_tool block block exploit X?", but "Does $exploit_mitigation_tool block exploitation techniques A, B and C?" as most exploits can be altered in such a way that they bypass $exploit_mitigation_tool.
     
  8. This seems to work also (registry tweak)
     
  9. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Build 1040 published.
    Fix for some issues with .NET and a fingerprinting technique FP.
     
  10. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,630
    Installed Build 1040 an hour ago. No problems so far. Thanks, Pedro.
     
  11. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,009
    From 1.08.1.1039 to 1.08.1.1040 on Windows 10 Pro x64.
    No problems so far.
     
  12. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I can't find a working link to 1.08.1.1040 (and yes, I have tried the link in pbust's signature).
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    https://copy.com/rGXea0aQsYNsjPiy
     
  14. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    Thanks but that doesn't work for me either.

    Edit. It's OK now. It turned out my ISP's filter was blocking the download. I have adjusted it to be less cautious.
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I wasn't talking to you
     
  16. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I also stated that no matter how I use it I run into the same problem. Even if all I decide to protect are a few key internet facing processes & FF, it still happens. And when I protected SBIE's services on version 1.06 I didn't have any of these problems. In fact... I can protect ALL of that gigantic list that you and others believe to be ill-advised on that version and everything works just fine. When I boot up Windows they are all protected, and no problems.

    And syringe himself even said he saw potential merit in blocking those sandboxie processes after I pointed out doing so, and that he decided he'd added it to his approach even after I had a temporary change of heart. But now everybody is talking about how it's not only useless, but a bad idea, not what it's designed to do, etc... all because the Czar has spoken so of course the lemmings must follow.

    I'm using v1.06 where everything works just fine, and have no plans to upgrade. Will back up this installer to several places.
     
  17. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Installed 1040 over 1039 no problems so far. Advanced settings - checked all. Win 7 Prof.
     
    Last edited: Oct 27, 2015
  18. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Windows 8 x32...1040 smooth running.
     
  19. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Build 1043 release. This is RC.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,092
    Location:
    Mexico
    Thank you.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,656
    Location:
    USA
    I upgraded to 1043 from build 1040. So far I have not experienced any issues. I'm on Windows 7 x64 Ultimate.
     
  22. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    No problems with 1043 so far. How do I reset the counter (Blocked Exploit Attempts)?
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,009
    From 1.08.1.1040 to 1.08.1.1043 on Windows 10 Pro x64.
    No problems so far.
     
  24. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,009
    Last edited: Oct 28, 2015
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    OK I see. The reason why I wondered is because apparently the exploit writers tried to actively bypass new mitigations in Flash Player.
     