Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    320
    Location:
    USA
    You'd pay for a beta?
    Anti-Exploit Premium was once a stand-alone paid product, and the free version became a beta testing program when in no uncertain terms they stiffed those who paid for the discontinued Premium, offering an unannounced, unpublished pro-rated refund to those who discovered they could request it.
     
  2. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    320
    Location:
    USA
    True. But the Settings UI is really (censored) as it is for just about everything else in there. If only MS would have the anti-exploit settings available in a management console, how nice it would be. I might fire off an email to Nirsoft. Maybe he can come up with one.
     
    Last edited: Aug 28, 2021
  3. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,106
    Location:
    North of the 38th parallel.
    Along with Malwarebytes Antiransomware (MBARW) Beta, Malwarebytes Anti-Exploit (MBAE) Beta, and Malwarebytes Anti-Rootkit (MBAR) Beta are all now so called perpetual betas.

    If a user had previously held licensing for the then MBAE Premium (yearly or lifetime), that licensing would have then been generously converted to MBAM Premium if the refund was not chosen. I know as I personally allowed the conversion of my then MBAE Premium license to the full premium MBAM product. Marcin, @ZeroVulnLabs (@pbust) & Company have always taken the most generous path for Malwarebytes subscribers. At the time, the public announcements asked you to decide which choice you selected. If you personally did not elect a refund, the MBAE Premium license automatically became a MBAM Premium license.

    Explanations to this effect were adequately made in 2016 in this sub-forum and in the now Anti-Exploit Beta sub-forum at Malwarebytes.

    If your personal records can still show your MBAE Premium license could not activate MBAM Premium, or you applied for a never received refund, I can put you in contact with those who can commence a Malwarebytes internal investigation.

    HTH
     
  4. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    320
    Location:
    USA
    @ 1PW Thank you for your concerns.

    I was using Exploit Shield since before the Malwarebytes transition back in 2013. While I don't use it on my production Win10 system, I do run it on two others (one of them for the Insider Program) and two Win7 ones.

    Being "so called" is not common knowledge or not recognized by a significant number of its casual users as evidenced by posts herein. Releases should be,for example, "Malwarebytes Anti-Exploit Perpetual Beta 1.13 Build 400 (July 26, 2021)." The /Malwarebytes-Anti-Exploit-Product-Lifecycle page should be titled "Malwarebytes Anti-Exploit Perpetual Beta Lifecycle." And unless "End of Sale" has meaning unrelated to commerce, that column should go. All IMHO, of course.

    So, at the time MBAE was dropped, I was not running MBAM Premium nor was I interested in it and that disinterest persists to this day.

    The pro-rated refund I received was a result of my own request directly to support@ in December of 2016 for the subscription I renewed in May of 2016 and motivated by the December 7 End of Maintenance FAQ, wherever that might be if it still exists. I made that request because at that point in time, there was no mention of refunds, only the generous conversion to MBAM Premium or an assurance of continued support for the remainder of the MBAE subscription. Neither was acceptable. If a refund option was made public knowledge by Malwarebytes (Inc, LLC, whatever) thereafter, I no longer cared to make note of it. All that said, the refund and subscription cancellation was acceptable not simply for the amount, but in principle.

    As for "explanations to this effect...in this sub-forum," a search of "refund" in this thread returns nothing relevant to compensation for Premium customers. I did/do not follow the Malwarebytes forum. Dropping MBAE Premium was always about MBAM subscriptions and MBAE free as beta about testing the beta. As a capitalist, that's good capitalism for one and a brilliant method for acquiring beta testers for the other.

    Anyhow, Rasheed187 (having some 166 posts in this thread) dropped in and wondered why MBAE wasn't a premium product because it already was once upon a time and didn't seem to remember what he is using is a beta and why pay for that. My post was just a friendly memory jog.

    Speaking of the MBAE Premium license, it's been a few months since I did this, but I can enter it into MBAE Perpetual Beta, it'll go out and hit a server, validate and present my license ID under the About tab. Yes, I know that doesn't do anything special, but fun nonetheless.

    Finally, Malwarebytes: Thank You (!) for the Anti-Exploit (Perpetual) Beta releases. And if MBAE Premium were to return to the marketplace, my checkbook PayPal account is ready.

    Cheers.
     
  5. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,106
    Location:
    North of the 38th parallel.
    Hello @Surt

    Not often referred to publicly (nor officially objected to) we (that's me too) of the great unwashed have casually made reference to the downloadable, standalone MBAE, MBAR and MBARW betas as perpetual betas and because they are quite important integral modules/engines they will yet be foreseeably separate from the frequent but nearly always not available as a download, MB4 betas.

    If you personally, and many others, are a continuing users of the standalone MBAE beta, please accept the genuine thanks of many who truly appreciate its value like we do.

    Please allow that sadly I very likely misinterpreted your earlier post here. To be clear, should I leave things as they are or should I still contact Malwarebytes management for additional action regarding your previous MBAE Premium license?

    Thank you.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,296
    Malwarebytes Anti-Exploit Beta 1.13 Build 407 (September 1, 2021)
    Release Notes (Forum)
    Download: https://downloads.malwarebytes.org/file/mbae
    Malwarebytes Anti-Exploit 1.13.1.407
    Protection:
    • New protection technique to block exploits from abusing MS Office and scripting applications
    • New technique to protect MS Office applications from loading points abuse attacks
    • New technique to protect MS Office applications from batch command abuse attacks
    • New granular protection against VBA7 process and VBE7 object abuse
    • New protection for email clients against scripting applications abuse attacks
    • New protection to protect MS Office applications from macro 4.0 abuse attacks
    Stability/issues fixed:
    • Fixed slowdown issues with MS Excel application
    • Disabled Java shield by default
    • Improved Logging capabilities
    • Internal Product Improvements
     
  7. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
    The changes in .407 are not new. They are the same with the prevous version .400.......

    1.13.1.407
    =
    New protection technique to block exploits from abusing MS Office and scripting applications
    New technique to protect MS Office applications from loading points abuse attacks
    New technique to protect MS Office applications from batch command abuse attacks
    New granular protection against VBA7 process and VBE7 object abuse
    New protection for email clients against scripting applications abuse attacks
    New protection to protect MS Office applications from macro 4.0 abuse attacks

    Stability/issues fixed:
    Fixed slowdown issues with MS Excel application
    Disabled Java shield by default
    Improved Logging capabilities
    Internal Product Improvements
    --------------
    1.13.1.400 =
    New protection technique to block exploits from abusing MS Office and scripting applications
    New technique to protect MS Office applications from loading points abuse attacks
    New technique to protect MS Office applications from batch command abuse attacks
    New granular protection against VBA7 process and VBE7 object abuse
    New protection for email clients against scripting applications abuse attacks
    New protection to protect MS Office applications from macro 4.0 abuse attacks

    Stability/issues fixed:
    Fixed slowdown issues with MS Excel application
    Disabled Java shield by default
    Improved Logging capabilities
    Internal Product Improvements
    https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-160#post-3021878
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    Well I'm sure you know what I mean. I remember that MBAE used to be a freeware product, but now they give away the Premium version for free, eventhough they have integrated exploit protection into Malwarebytes Premium that you have to pay for. But you won't hear me complain, I think it's a pretty good tool.

    Yes but have you seen how user unfriendly it is? Just like Windows Defender and Windows Firewall, it has a horrible interface. This is exactly why people are using tools like WFC and DefenderUI.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,015
    No, should i? at least it works, is not intrusing and working like charm.
    you mix up two things, Microsoft Defender / Microsoft Firewall and 3rd-party software.

    MBAE is 3rd, WFC is using Microsoft Firewall API and DefenderUI is just another UI for Defender settings.

    PS
    MBAE gets from paid to perpetual beta software with no fee, because they had it integrated into MBAM. either you pay for MBAM with a lot of unneeded features because MS Defender has it all, or you run it for free which means a blown product, the outdated v2.21 still gets signatures for a second scan opinion and i dont see any disadvantage for using it this way. In fact MBAM is not that goog as Defender and MBAM has not the same ability like adwcleaner which is more specific to find adware in system and special files, registry and more, MBAM cant do this in same way. jmy2ct
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    So far, HMPA and MBAE are working like a charm too. And no, I didn't mix anything up, that's why I mentioned WFC and DefenderUI and not MBAE because I know it's third party security and not a frontend for baked in security for Windows. I believe HMPA and MBAE are most likely a bit more advanced when it comes to blocking exploits and they are way easier to configure.
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,296
    Malwarebytes Anti-Exploit Beta 1.13.1.415 (October 6, 2021)
    Release Notes
    Download: https://downloads.malwarebytes.org/file/mbae
     
  12. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
    @1PW ,
    Few minutes ago, MBAE updated from 1.13.1.407 to 1.13.1.415.
    With the latest version, it's not possible to open any PDF file. See also the attached screenshot (Adobe Reader warning & MBAE UI / Adobe Reader Preferences).

    In order to open the PDF, I have to deactivate the shield for acrord32.exe
     

    Attached Files:

    Last edited: Oct 7, 2021
  13. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787

    Attached Files:

    Last edited: Oct 7, 2021
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Anon, what OS are you using?
     
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
    Windows 10 Pro x64, 21H1 (19043.1266).
     
  16. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,106
    Location:
    North of the 38th parallel.
    Hello @anon

    The MBAE Beta Technical Program Manager/Forum Manager are definitely aware of the v1.13.1.415 issues based on the postings you mentioned above. I have supplemented with private messages to Malwarebytes management regarding the additional remarks here.

    Thank you.
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,176
    Location:
    Europe
    So what is the difference between HItman Pro / MBAE / Windows 10 exploit protection? Cuz I don't see why use a program whose functionality is included in W10
     
  18. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,106
    Location:
    North of the 38th parallel.
    Hello @Floyd 57

    As far as I am aware, the HitmanPro standalone application itself does not have a real-time Anti-Exploit comparison to Malwarebytes Anti-Exploit or lesser Windows 10 protections. Did you mean another Sophos product instead?

    Some folks prefer to use the free Malwarebytes Anti-Exploit (MBAE) Beta instead of installing Malwarebytes for Windows Premium to mediate the continuing shortcomings of Windows.

    What is Exploit Protection

    HTH
     
    Last edited: Oct 7, 2021
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
    Last edited: Oct 7, 2021
  20. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    883
    Location:
    USA
    That's why it's called a "Beta".

    To test a new anti-malware release before it gets rolled into Malwarebytes Premium.
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
  22. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,176
    Location:
    Europe
    I meant Hitman Pro Alert yeah
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,015
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,176
    Location:
    Europe
    Malwarebytes claim that their security is superior to EMET, which as far as I know is an inferior version of windows 10 exploit protection. So who's better? I don't know really, they are incredibly vague in their description. The best one can get is:

    I deleted the irrelevant parts of the above quote

    Layer 1 - already default On for ALL programs in windows 10

    upload_2021-10-7_22-9-40.png
    upload_2021-10-7_22-9-49.png

    Whether MBAE has smth extra on top of those in Layer 1 it's impossible to tell without manually testing all kinds of exploits against the two (mbae and w10 exploit protection) or seeing the code obviously, which obviously they won't release. But at least W10 is transparent in what it provides, although obviously the implementation and to what level the security works is a whole another topic, like just because both provide DEP doesn't mean one's implementation of DEP isn't better, making it better than the other. Although I am not sure if it works that way or not. Could just be one and the same implementation regardless.

    Layer 2 "This protection layer incorporates multiple memory techniques to prevent exploit code from executing from memory." well from w10 EP High-entropy ASLR fits that description, not sure what else. But technically High-Entropy ASLR could have multiple "stuff" that works for it, aka Layer 2 could be the same thing but for all we know Malwarebytes could just be turkish-delight stretching the words to fit the narrative. So what is what, impossible to tell if u're not into this kind of stuff, and there seems to be no "exploit devs" over here.

    Layer 3 - This sounds a bit like what appguard does with its Guarded apps, aka it does not let em write to system space. But in case of MBAE, since each application is carefully analysed and adjusted for, it probably only lets them write to their own place, aka browser to the user data and the downloads folder, office only to where the file is saved etc. A good protection indeed. I personally think it's useless for a browser as a home user, i mean chance u visit a 0 day exploit if ur browser has the latest version is close to 0, u prob have more chance of winning the lottery. Probably. But for stuff like MS Office it's a really good protection because for example if u download malicious file with macros and stuff this "exploit protection" will prevent it from writing or starting processes such as cmd and powershell etc. essentially rendering the malware useless. Assuming that what i'm speculating about this Layer 3 is right. However I did read that having both W10 EP and MBAE is bad as they fight each other, so not sure how MBAE solved that, as i don't use it and their FAQ is garbage. And Layer 0 just sounds like adjusting some settings here and there, so nothing u cannot do by hand probably if u know what needs to be adjusted. Like enabling site isolation for browser that is not updated to latest version etc. Such stuff.

    So this sums up my speculation on what MBAE does, essentially something like Appguard but with extras as Appguard does not prevent exploits with "techniques" but instead it prevents exploits by Guarding them thus restriction their privileges and permissions. I had the same setups back in the days with Excubits Memprotect and Pumpernickel.

    That said, if u go to program settings u can see ALL those exploit protections:

    upload_2021-10-7_22-21-53.png
    upload_2021-10-7_22-22-0.png
    upload_2021-10-7_22-22-10.png
    upload_2021-10-7_22-22-20.png
    upload_2021-10-7_22-22-31.png
    upload_2021-10-7_22-22-43.png

    Now as you can see, that's a lot of exploit protections, leaving plenty for Malwarebytes Team to stretch upon their layers with cool sounding words so us mortals who do not understand anything at all will think it's some godlike product, when in fact the truth could be that the only thing MBAE has over W10 EP is Layer 3 with the Restrictions once a process is hijacked Appguard-style

    IN FACT, if I am not mistaken, Windows 10 is NOT open-source. So W10 Exploit Protection is NOT open-soource. So maybe malwarebytes did the same stuff like W10 EP but they just don't know it as they cannot check the code of W10 EP, and maybe Microsoft doesn't know that Malwarebytes did the same stuff as W10 EP because they cannot check Malwarebytes' code either, since both W10 EP and Malwabytes are not open-source. And maybe they each have smth that the other one doesn't, maybe they are the exact same, maybe one is strictly inferior, maybe one is mostly inferior but has something extra up its sleeve, who knows? We won't until they go open-source really. The only thing I know is that if MBAE's Layer 3 is what I think it might be (appguard-like defences once a process is hijacked), then it might have something going for it.
     

    Attached Files:

    Last edited: Oct 7, 2021
  25. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,787
    Further to the mentioned bugs, the latest version (1.13.1.415) comes with some new (and weird) changes:
    In "Settings", a new option "Enable Debug Logging" it is already enable by default. If you disable it, with next reboot auto enables once again.
     

    Attached Files:

    Last edited: Oct 10, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.