Malwarebytes Anti-Exploit

@ZeroVulnLabs Pedro I see that the latest version is 1.08.1.1189. is it possible for you to announce new versions also in this thread?
https://forums.malwarebytes.org/index.php?/topic/171634-anti-exploit-not-started-under-windows-10/

 

Now, that is just downright confusing.

That info about .1189 was posted up on August 13.

But
https://www.malwarebytes.org/antiexploit/
and
https://www.malwarebytes.org/antiexploit/premium/
show the version as 1.08.1.1045
which according to
https://www.malwarebytes.org/support/releasehistory/
was released... November 23??

 

files inside are from 29.01.2016 (DD.MM.YYYY) - brand new

 

We've just posted the auto-upgrade to build 1189. Your MBAE should auto-upgrade over the next few hours/days.
The new downloads link will be updated shortly.

As for the post being from August 13, it is true, but it gets edited often to point to newer builds. The 1189 version is a hotfix to 1045 and intermediate builds were for testing the hotfix.

Changelog of 1189 over 1045 is as follows:

Fixes:
• Improve fingerprinting detection
• Improve Layer1 stability
• Fix for Windows 10 injection bug
• Fix for Chrome 64bits protection
• Fix for BitDefender bug causing conflicts
• Fix false positive condition in Java shield
• Fix potential memory leak condition

 

Updated. Running smooth.

 

Auto-upgrade happened here too. Did not even notice it (y)!

 

I had "Automatically upgrade to new versions" box unchecked then suddenly MBAE "automagically" (lol) upgraded this morning when it wasn't supposed to do so.
Needless to say didn't like it at all.
I always want to have full control of such tasks, just like upgrading my software. The mentioned box remained unmarked after upgrade though.

 

Got the silent update today (1.08.1.1189), now everything works well on my end. Thanks, now let's see under real-world tests.

 

All three updated auto,with no problems

 

Strange.

I also have the "Automatically upgrade to new versions" box unchecked on all three of my systems (two Premium and one Free).

For all, a dialogue popped open with OK and Cancel choices for "Do you want to upgrade automatically...?"

And a check box for "Always upgrade automatically and transparently." Checked by default, I uncheck.

All upgraded smoothly and without issue after selecting OK.

 

Hmm, that's weird. The expected behavior is the following:

1. If checkbox is enabled, MBAE automatically upgrades when it finds a new version online.
2. If checkbox is disabled, when MBAE detects a new version is available, it shows a dialogbox prompting the user to accept/cancel the upgrade. This dialogbox has a checkbox for "automatically upgrade always".
   • If the user cancels the upgrade, nothing happens
   • If the user accepts the upgrade but unchecks the checkbox in dialogbox, MBAE upgrades itself but Settings auto-upgrades remain disabled.
   • If the user accepts the upgrade and leaves checkbox checked in dialogbox, MBAE upgrades itself and changes Settings auto-upgrades to enabled.

If you experienced something different please send me a ZIP with your MBAE logs to see if this is in fact a bug.

 

Thanks Pedro. I experienced bullet 2 so know I understand what happened, thanks again.

 

1189 seems to work better so far on w7 64 and chrome 64 browser. My sub ran out a few months ago after 12 months but the GUI still says Premium.

 

I'm using MBAE without problems since long time ago.

After the upgrade (from 1.08.1.1045 to the latest version 1.08.1.1189), I'm facing problems with MBAE/Adobe Reader:
I can't open any PDF file because Adobe Reader crashes -> a black sreen appears (abt 1 second) -> MBAE missing its icon from the taskbar (MBAE services are running).

In order to run normally the MBAE/Adobe Reader, I left the Adobe Reader shield deactivated.

OS: Windows 10 Pro x64 (Version 1511 - Build 10586.71)

 

Hi anon, can you please try a fresh re-install of MBAE to discard an issue during the upgrade?
https://forums.malwarebytes.org/index.php?/topic/171634-anti-exploit-not-started-under-windows-10/

 

Done, seems ok now.
Reverting with changes, if any.

Thank you for your prompt reply.

 

I spoke too soon.....
Same problem again, same workaround: Adobe Reader shield deactivated.

 

What is your exact Acrobat version? Does it happen with a specific PDF or any PDF file?

 

a) Adobe Reader XI, v11.0.14
b) It happen with any PDF file.

It happen with Adobe Reader "Protected View" enabled or disabled.
No problems till MBAE 1.08.1.1188

 

Thanks, we will try to repro.

 

Back to 1.08.1.1045.
All shields (including Adobe Reader) activated, no problems.

 

Is this normal behaviour? Latest version of MBAE and Windows 10 64-bit. Not that I'll be watching Blu-rays often, but before I added the shield it seemed to work fine.

 

Tried replicating under same environment but couldn't. Anybody else experiencing this problem?

Might happen with some players or plugins that have obfuscation for protection of media files.

 

fyi:
Version 1.08.1.1189 re-installed and tested once again:
Further to the Adobe Reader bug, new weird things started:
I hover the mouse over any installer
(i.e.: mbam-setup-consumer-2.2.0.1024, mbam-setup-majorgeeks-2.2.0.1024, aida64extreme560) as soon as I hit the right click=
A black screen appears (abt 1 second) -> MBAE missing its icon from the taskbar, MBAE services are still running, see also the attached screenshot 1.
MBAE tested with mbae-test and still working screenshot 2.

Reboot and MBAE icon appears in taskbar again.
I hover the mouse over any installer and hit the right click:
Sometimes nothing happen, sometimes the above mentioned bug appears.

 

Hmm, OK. Hopefully there won't be some Blu-ray rootkit not just for games... Now that'll be an exploit since videos aren't meant to be executable.