Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    665
    Location:
    Island of Woman
    anyone experienced issues with such setup with all set to max and other applications, like chrome (runs with chrome no problem), I am worried about slowdowns
    also how does it compare to hitmanproAlert or excubits, is malwarebytes anti-exploit decent protection against exploits types?
     
  2. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,578
    I haven't used it for many years but when I did, all of my settings were also enabled "to the max" without any problems whatsoever. Unfortunately, I don't know whether MBAE can still be considered a "decent" security app these days. I also used HMP.A years ago but I found it too aggressive.
     
  3. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    591
    Location:
    US
    All Advanced Settings are checked. No slowdowns. Chrome, Firefox Quantum and Chrome runs as usual. No problems with Office or anything. I added shieds for Outlook 2013 and Windows Live Communications (HXOutook) and checked 'Show system tray notifications tooltips' and MABE shows that it is indeed interjecting it's DLL into both applications.

    As for it being a decent protection against exploit types, well according to Malwalebytes it is. I have asked them how EXACTLY is MBAE protecting Chrome and Edge, since both of these browser now reject injecting of 'outside' DLL's, but no replies.

    Robert
     
    Last edited: Aug 1, 2019
  4. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    591
    Location:
    US
    Explanation please.

    Robert
     
  5. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,578
    What explanation? I wrote that I don't know whether or not MBAE can still be regarded as a decent app these days. If I knew the answer, I would tell you (and give an explanation).
     
  6. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    591
    Location:
    US
    Ok, thanks.

    Robert
     
  7. Marwood

    Marwood Registered Member

    Joined:
    Aug 11, 2019
    Posts:
    20
    Location:
    UK
  8. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    591
    Location:
    US
    Thanks for the post, Marwod. At we know that MB is still improving MBAE.

    Robert
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,456
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,361
    Location:
    Hawaii
    @mood -- got it. 10Q to the nth!
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,759
    I just installed 1.13.1.117 and decided to take a look at Edge. mbae.dll is not injected into Edge, just into SYSTEM. No popup about Edge being protected. Whereas, as usual, when SeaMonkey runs, MBAE injects into SYSTEM and SeaMonkey and issues a popup that it's protecting SeaMonkey.
    BTW, I never use Edge, so my observation is on a very limited use in just a few minutes.
    No Chrome here to check.
     
  12. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    174
    Location:
    Wigan
    Secrecy is an essential of security. I do not wish to know how it is done since the bad guys do wish to know that. Keep 'em guessing.
     
  13. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    326
    Location:
    USA
    Just thinkin' Out Loud... Have you checked for mbae64.dll?

    Over here, mbae.dll injects QuiteRSS and POP Peeper whereas Firefox, Chrome and Falcon get mbae64.dll. (For Falcon I added a browser shield for QtWebEngineProcess.exe.)

    System gets both mbae.dll and mbae64.dll.
     
  14. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,759
    Good catch. No I did not check for mbae64. I just rerun Edge. Nothing injected, just mbae64.dll in SYSTEM.
     
  15. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    392
    Location:
    Milan, Italia
    Of course they are because it is an integral part of MBAM Premium. Development will continue as long as MBAM exists.
     
  16. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    174
    Location:
    Wigan
    Bottom-Up ASLR Exploit Blocked in Windows XP

    I never expected to see this. Bottom-Up ASLR protection is worth enabling in Windows XP.
    MBAE_BottomUpASLR_WindowsXP.gif

    MBAE 1.12.1.109 is in active use. Mozilla Firefox 45.9 was running inside Sandboxie 3.76 with MBAE enabled. The Firefox process was instantly terminated.

    It is with deep shame and embarrassment that I must now confess that I was sneaking a crafty look at a web site showing young ladies at play in bathing costumes (and some without bathing costumes :eek: :oops:). It would not be too surprising if an exploit was to be lurking in the midst of the data stream feeding the smut on which I was feasting my lustful gaze so I guess that it is plausible that there really was a malicious exploit that MBAE snuffed out. Thanks MBAE.

    Interventions by MBAE are very rare on my Windows XP SP3 system or any other of my Windows systems for that matter. I am reassured that MBAE is prowling usefully in the backgound.

    Would it be fair to say that malware developers would not expect to encounter Bottom-up ASLR protection in this venerable operating system? I don't claim to have configured the most hardened XP system extant but the battlefield is littered with mines and booby traps. There are numerous layers of defence.
     
    Last edited: Oct 26, 2019
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,021
    windows xp, firefox 45 - this had to come

    ofc hackers meanwhile know about, only a matter of time until MBAE fails for you and you got your data encrypted - no mercy.
     
  18. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    174
    Location:
    Wigan
    I backup the system quite frequently. It's not safe to use for security sensitive purposes if due diligence is considered. XP is now like a classic car, taken out for a drive for pleasure. It is true to say that since the present incarnation was installed (in 2005 I think) that I yet to experience a successful intrusion. I also use OSArmor 1.4.3, Outpost Firewall Pro 9.3 configured to max settings and Panda Dome Free 18.7.04. Also DropMyRights and Comodo Memory Firewall. OK, nothing is perfect but I don't lose any sleep.

    Firefox ESR 45.9 does as well as later Firefox versions in the BrowserAudit test.

    It gives me modest satisfaction to safely run the hacker gauntlet astride my Windows XP steed, the hardware of which was assembled in 2002.
     
    Last edited: Oct 26, 2019
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    With XP there is no reason to still use Mozilla Firefox 45.9.
    But if you really must, it is best to use the version developed by Roytam1:


    https://github.com/roytam1/mozilla45esr

    https://msfn.org/board/topic/180462-my-browser-builds-part-2/
     
  20. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    174
    Location:
    Wigan
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
  22. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    174
    Location:
    Wigan
    I downloaded a nearly 400MB zip file containing Mozilla 45 ESR but was unable to open it. Please could you suggest a suitable utility that will enable me to get at the zip file contents.
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,135
    Location:
    Italy
    1) Download the file (42.1 MB) in your Programs Folder:

    500.JPG

    2) Unpack the 7z file.
     
  24. ky331

    ky331 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    157
    Hake,

    For your XP system, you might want to take a look at the MyPal Browser:

    Mypal is a current and maintained Windows XP web browser. Mypal is based on Moonchild Productions' Pale Moon code, which itself was forked from Mozilla's FireFox code several years ago, but is also maintained and kept current. The goal of Mypal is to provide a current, secure, and reliable web browser for Windows XP. Mypal operates identically to Pale Moon with some minor exceptions.

    https://github.com/Feodor2/Mypal/releases

    For Add-ons in MyPal, I'm currently using uBlock Origin 1.16.4.11 (and uBlock Origin Updater 1.6.6), HTTP Always 5.2.24, and NoSquint 2.2.2

    I've been using it for over a month, and have been very pleased how well it runs.
    ... it feels "crisp" on my XP system, in contrast to other browsers which felt like they were "dragging" (as well as no longer being supported).
     
  25. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    236
    Did you need to do anything special to get MBAE and Sandboxie to play nice together?
     
    Last edited: Nov 3, 2019
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.