Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Difficult to say without logs. You can either post them here or PM them to me. Instructions here:
    https://forums.malwarebytes.org/ind...e-first-posts-here-need-to-include-mbae-logs/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  3. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Will this new fingerprinting feature in any way cause problems when trying to access online financial accounts (Bank, PayPal, Brokerage, etc..)?
     
  4. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
  5. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    The MBAE log shows that Chrome and IE are protected even though I have them deactivated.
     
  6. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    I wouldn't call it a gimmick but to each his own. It's a feature our researchers particularly like as it allows them to track the movement of certain Exploit Kits which try to avoid us on purpose:
    https://blog.malwarebytes.org/explo...s-anti-exploit-adds-fingerprinting-detection/

    Yes we've had this bug reported last week and we've fixed it. Maybe we'll release a hotfix for 1.08 with this fix.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Advanced settings > Restore defaults does not reverse to default. I know, don't touch unless told to.
    Still, Restore defaults does not enable Apply.
    So, without a reference default matrix no way for Free to get back to default.
    Current stable version: 1.08.1.1044
    Where may I find an image of the Advanced settings tabs at default?
     
    Last edited: Nov 12, 2015
  8. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Restore defaults does not enable Apply unless you have something different in advanced configuration from the default.
    To test this, go to advanced config, change a setting and click Apply.
    Then open advanced config again and click restore defaults.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    That's exactly what I did and that's why I report Restore default does nada.
    I'm left with all boxes checked after I checked all boxes expecting Restore default to work.
     
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hmm I'm not sure I understand what you're trying to say. Let's do the following tests:

    TEST 1
    1- Open Advanced settings -> Application Enforcement
    2- Enable BottomUp ASLR for Browsers
    3- Click Restore defaults
    4- Does the BottomUp ASLR checkbox become unchecked?

    TEST 2
    1- Open Advanced settings -> Application Enforcement
    2- Enable BottomUp ASLR for Browsers
    3- Click Apply
    4- Open Advanced settings -> Application Enforcement again
    5- Click Restore defaults
    6- Does the BottomUp ASLR checkbox become unchecked?
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    No and No
    That's exactly how I started. BottomUp was the first check I added after new MBAE install.
    When the BottomUp check was not removed by Restore defaults, I checked all the boxes and ended up with all boxes checked, trying to Restore defaults with a broken button.
    Which is why I reported Restore defaults does nada.
     
    Last edited: Nov 13, 2015
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    Hmm that's weird.

    Let's do the following:

    1- Stop MBAE Service
    2- Delete the contents of C:\ProgramData\Malwarebytes Anti-Exploit (keep a copy of applications.dat if you have custom shields)
    3- Start the MBAE Service
    4- Run C:\Program Files (x86)\Malwarebytes Anti-Exploit\MBAE.EXE
    5- Repeat tests 1 and 2 above

    Does it still not work?
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    I am repeating a post I made in the EMIS 11 and HitmanPro Alert thread - I am not spamming - just that it is a critical problem possibly being caused by MBAE or those two other programs, and I have yet to determine which.

    On my Win 8.1 PC, in addition to EMIS 11, I have installed MBAE and HitmanPro Alert. In combination with Bitdefender IS 2016 there were no major issues. But I know BD IS 2016 on its own was giving me browsing issues, particularly with https: sites. But with EMIS 11 I have a critical issue. Since installing EMIS 11 my PC has been misbehaving in ways that I have never seen before. My PC will totally freeze from time to time, seemingly at random. It's not associated with any particular activity. Happens when surfing and while playing games. Another strange thing is that if I hit Escape while frozen, my PC restarts. So I don't know what the conflict is. I hated to do it, but I have started by uninstalling HitmanPro Alert. And will see. After uninstalling HitmanPro Alert, I think I should have started with uninstalling MBAE because it is known to have caused an issue at least with KIS, but that was of an entirely different nature = browsers refused to open, and it remains an issue only because of Kaspersky's arrogant attitude in not speaking with MBAE peeps who have a solution which they are being forced to do on their own within MBAE (beta). But my issue is a deal breaker for someone.
     
    Last edited: Nov 13, 2015
  14. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Just don't run HMPA and MBAE at the same time. By running MBAE and HMPA you're not improving your level of protection but potentially only worsening it due to stacked hooks.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    One definitely should not use HMPA and MBAE together.
     
  16. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    FWIW we managed to bypass this issue with KIS completely in the final 1.08 version. So this is completely solved.
     
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Yes Zero I know. Is that now a release or still beta?
     
  18. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  19. Pirate_fin

    Pirate_fin Guest

    Sometimes I get error 0xc0000018 when starting Firefox, but if I disable MBAE or restart the PC it works fine and the error doesn't appear for several days (or weeks).

    MBAE seems to block Firefox sometimes for some reason :(

    I'm using Panda Free Antivirus with Windows 10 and no other real-time protection running.
     
  20. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
    Same story with IE11 or Edge on Windows 10 Pro x64 & Avira Pro.
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    My experiment has shown that it is HitmanPro Alert that does not play nice with EMIS 11, at least on my PC. It runs fine with MBAE.

    I have used BOTH MBAE and HMPA together with NO issues with Bitdefender IS 2016 and Norton Security. Dunno why it doesn't get along with Emsisoft IS 11.
    OS Win 8.1
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  23. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    This seems to be a problem with certain Editions of Windows 10. It seems to happen mostly on Home Edition. We are investigating this issue but it has to do with a new behavior introduced in Windows 10 when injecting into a process.
     
  24. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    On Windows XP I am frequently seeing some kind of "exception" error with MBAE version 1.08.1.1044. Unfortunately, it occurs during shutdown, so the error "pop-up" is only visible for a brief moment. If this information is being logged somewhere, where should I look to find it?
     
  25. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    See if any information is logged in the Event Viewer. If so, export it and send it to me via PM.

    Also please send me your FRST logs to see if anything might be conflicting with MBAE.
     