Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. loungehake

    loungehake Registered Member

    Joined:
    Mar 9, 2015
    Posts:
    145
    Location:
    Wigan
    I understand that Sandboxie 3.76 or earlier is necessary to run MBAE in co-operation with Sandboxie. In the Sandboxie folder in Program Files is a file named Templates.ini.

    Add the following text to the end of that file:
    ________________________________________________________________

    Tmpl.Title=MBAE
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION_*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*

    ________________________________________________________________


    Having done that, start Sandboxie and double-click the Sandboxie system tray icon. A window titled 'Sandboxie Control' should pop up. Via the Configure menu, click the 'Software Compatibility' menu item and then enable MBAE in the popup window titled 'Software Compatibility' by doing the following:
    You should be able to see the entry '[ ] MBAE'. Click between the square brackets and the + character should appear, i.e. [+]. If the + is already displayed then MBAE must already have been enabled, but I would not expect to see this.

    That's it, done and dusted.
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    412
    I believe I had posted these on the Sandboxie forum before, but as that is now gone I figured I'd do it here as well. This is the last revision I did around two, three years ago? Haven't heard of anything needing updating or others having issues, but I no longer use MBAE or SBIE.

    Code:
    [Template_XPMBAE]
    
    Tmpl.Title=MBAE (For use on XP with SBIE 3.76 ONLY;template_32MBAE still required)
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility
    OpenIpcPath=$:mbae-svc.exe
    
    [Template_32MBAE]
    
    Tmpl.Title=Malwarebytes Anti-Exploit (x86) Vista,7,8,10
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
    InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
    
    [Template_64MBAE]
    
    Tmpl.Title=Malwarebytes Anti-Exploit (x64) Vista,7,8,10
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
    InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
    InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
    
     
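Added example, not part of either post above and not Sandboxie or Malwarebytes code: a small Python audit of what such a template lets sandboxed programs reach (named objects opened, DLLs injected, unsandboxed processes exposed via the `$:` form). It assumes `*` matches any run of characters and that matching is case-insensitive, a simplification of Sandboxie's matcher; the template excerpt and the object names are constructed for illustration.

```python
import re

# Constructed excerpt of the templates posted above (shortened).
TEMPLATES = r"""
[Template_XPMBAE]
OpenIpcPath=$:mbae-svc.exe

[Template_32MBAE]
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
"""

# Constructed object names, for illustration only.
SAMPLE_NAMES = [
    r"\Sessions\1\BaseNamedObjects\MBAE_IPC_PROTECTION_1234",
    r"\RPC Control\MBAE_IPC_PROTECTION_1234",
    r"\Sessions\1\BaseNamedObjects\OtherAppMutex",
]

def parse_templates(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def rule_regex(pattern):
    """Translate a '*' wildcard rule into an anchored, case-insensitive regex."""
    return re.compile(".*".join(map(re.escape, pattern.split("*"))) + r"\Z", re.I)

def audit(text, object_names):
    """Per template: process-access rules, injected DLLs, sample names opened."""
    report = {}
    for name, items in parse_templates(text).items():
        rules = [v for k, v in items if k == "OpenIpcPath"]
        globs = [rule_regex(r) for r in rules if not r.startswith("$:")]
        report[name] = {
            "process_access": [r[2:] for r in rules if r.startswith("$:")],
            "inject": [v for k, v in items if k.startswith("InjectDll")],
            "opened": [o for o in object_names if any(g.match(o) for g in globs)],
        }
    return report
```

Run `audit(TEMPLATES, SAMPLE_NAMES)` on the full template text to review every hole it opens in the sandbox. The trailing underscore in `MBAE_IPC_PROTECTION_*` from the first post makes that rule slightly narrower than `MBAE_IPC_PROTECTION*` in the second.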
  3. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    234
    Hey @loungehake & @syrinx,

    Thanks for the info on how to get MBAE and Sandboxie working together. I greatly appreciate it!
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,933
    Malwarebytes Anti-Exploit Beta 1.13 Build 125 (November 11, 2019)
    https://forums.malwarebytes.com/top...i-exploit-113-build-125-released-nov-11-2019/

    Download: http://downloads.malwarebytes.org/file/mbae
    Protection:
    • Improved protection techniques for browsers and MS Office applications
    • Improved exclusion capabilities
    Usability:
    • Updated shield list to include Chrome and Edge Browsers
    • Improvements to reduce False Positives
    Stability/issues fixed:
    • Bug fixes
    • Fixed false positives with wscript
    • Fixed false positive detections with MS Office applications
    • Improved Logging capabilities
    • Internal Product Improvements
     
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    231
    Location:
    Island of Woman
    In my case the program takes too long to boot and I receive a prompt that tells me that, or it doesn't boot.
     
  6. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    83
    Location:
    USA
    @lucd

    Your issue isn't the same as I experience, but the fix might be...

    On this latest 1.13.1.125 I was prompted to restart and upon doing so the service could not be found.

    The Services "Path to executable" pointed to mbae-svc.exe in a system temp folder even though it was also in C:\Program Files (x86)\Malwarebytes Anti-Exploit.

    I've run into this here and there over the many years, and so randomly that I keep forgetting the restart prompt is a botched install red flag. An uninstall/reinstall fixes it.

    I use Revo Pro (Free should work OK) and ignore the folders deletion step, especially for the Malwarebytes Anti-Exploit folder in ProgramData where tweaked settings and custom shields, etc. data are stashed.

    There's probably a geekier fix, but the uninstall/reinstall is over with in about a minute and a half.

    Cheers.
     
    Last edited: Nov 18, 2019
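A check for the symptom described in the post above, as an added example (not Malwarebytes code and not from the poster): it reads each service's ImagePath and flags an mbae-svc.exe registered outside the install folder named in the post. The registry walk is Windows-only, and treating a path component named `temp` or `tmp` as a temp folder is an assumption.

```python
import ntpath
import sys

# From the post above: the executable name and where it is expected to live.
SERVICE_EXE = "mbae-svc.exe"
EXPECTED_DIR = r"C:\Program Files (x86)\Malwarebytes Anti-Exploit"

def image_path_exe(image_path):
    """Extract the executable from an ImagePath (quoted or not, with arguments)."""
    value = image_path.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    # Unquoted: keep everything up to and including the first ".exe".
    idx = value.lower().find(".exe")
    return value[: idx + 4] if idx != -1 else value

def check_service_path(image_path, expected_dir=EXPECTED_DIR):
    """Return 'ok', 'temp' (the botched-install symptom) or 'unexpected'."""
    exe = ntpath.normcase(ntpath.normpath(image_path_exe(image_path)))
    folder = ntpath.dirname(exe)
    if folder == ntpath.normcase(ntpath.normpath(expected_dir)):
        return "ok"
    if {"temp", "tmp"} & set(folder.split("\\")):
        return "temp"
    return "unexpected"

def installed_image_paths():
    """Windows only: yield (service, ImagePath) for services running mbae-svc.exe."""
    import winreg
    root = r"SYSTEM\CurrentControlSet\Services"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    path = winreg.QueryValueEx(svc, "ImagePath")[0]
            except OSError:
                continue  # service key without an ImagePath value
            if SERVICE_EXE in path.lower():
                yield name, path

if __name__ == "__main__" and sys.platform == "win32":
    for name, path in installed_image_paths():
        print(name, path, check_service_path(path))
```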
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    231
    Location:
    Island of Woman
    @Surt
    Thanks, I'll give it a try. On some PCs Anti-Exploit works, on some others it has the described symptoms. On 1 PC it works rock solid without said issues.
    Install/reinstall seems to work (albeit temporarily). I'll try to keep the program data leftover.

    A separate problem is that it has no interface under a normal user account; you need at least administrator. There is an interface after installing it, but you don't get the interface after a reboot (there is a pop-up message issued by Malwarebytes that informs you of that), and so if the issue described above occurs you don't get to know if it has been loaded, especially without an interface.

    I want to keep it since it saved me once against a process hollowing technique started by an executable on a local drive.
     
    Last edited: Nov 19, 2019
  8. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    231
    Location:
    Island of Woman
    Yes, it works if you leave ProgramData intact during uninstall, then install back, thanks.
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,933
    Malwarebytes Anti-Exploit Beta 1.13 Build 127 (December 5, 2019)
    https://forums.malwarebytes.com/top...ti-exploit-113-build-127-released-dec-5-2019/

    Download: https://downloads.malwarebytes.org/file/mbae
    Protection:
    • Improved protection techniques for browsers and MS Office applications
    • Improved exclusion capabilities
    Usability:
    • Updated shield list to include Chrome and Edge Browsers
    • Improvements to reduce False Positives
    Stability/issues fixed:
    • Bug fixes
    • Fixed false positives with wscript
    • Fixed false positive detections with MS Office applications
    • Improved Logging capabilities
    • Internal Product Improvements
     
  10. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,959
    Still the new Chromium-based Edge (msedge.exe) and Vivaldi (vivaldi.exe) are not included / shielded.
    I have to add them manually.
     